diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs index acbcb1a1..283ccf91 100644 --- a/Oqtane.Server/Controllers/UserController.cs +++ b/Oqtane.Server/Controllers/UserController.cs @@ -136,7 +136,7 @@ namespace Oqtane.Controllers filtered.PhotoFileId = user.PhotoFileId; filtered.LastLoginOn = user.LastLoginOn; filtered.LastIPAddress = user.LastIPAddress; - filtered.TwoFactorRequired = false; + filtered.TwoFactorRequired = user.TwoFactorRequired; filtered.Roles = user.Roles; filtered.CreatedBy = user.CreatedBy; filtered.CreatedOn = user.CreatedOn; diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs index 9fbc96d7..5b68eeb2 100644 --- a/Oqtane.Server/Managers/UserManager.cs +++ b/Oqtane.Server/Managers/UserManager.cs @@ -339,13 +339,15 @@ namespace Oqtane.Managers user = _users.GetUser(user.Username); if (!user.IsDeleted) { - if (user.TwoFactorRequired) + var alias = _tenantManager.GetAlias(); + var twoFactorSetting = _settings.GetSetting(EntityNames.Site, alias.SiteId, "LoginOptions:TwoFactor")?.SettingValue ?? "false"; + var twoFactorRequired = twoFactorSetting == "required" || user.TwoFactorRequired; + if (twoFactorRequired) { var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email"); user.TwoFactorCode = token; user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10); _users.UpdateUser(user); - var alias = _tenantManager.GetAlias(); string siteName = _sites.GetSite(alias.SiteId).Name; string subject = _localizer["TwoFactorEmailSubject"]; subject = subject.Replace("[SiteName]", siteName);