From b5f75f0c5ec97a2417eaaab58d707369c7717ed7 Mon Sep 17 00:00:00 2001
From: Ben
Date: Sat, 23 Nov 2024 13:04:27 +0800
Subject: [PATCH] Fix #4841: force 2FA validation when it's required in site level.
---
 Oqtane.Server/Controllers/UserController.cs | 2 +-
 Oqtane.Server/Managers/UserManager.cs | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
index acbcb1a1..283ccf91 100644
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@@ -136,7 +136,7 @@ namespace Oqtane.Controllers
 filtered.PhotoFileId = user.PhotoFileId;
 filtered.LastLoginOn = user.LastLoginOn;
 filtered.LastIPAddress = user.LastIPAddress;
- filtered.TwoFactorRequired = false;
+ filtered.TwoFactorRequired = user.TwoFactorRequired;
 filtered.Roles = user.Roles;
 filtered.CreatedBy = user.CreatedBy;
 filtered.CreatedOn = user.CreatedOn;
diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs
index 9fbc96d7..5b68eeb2 100644
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@@ -339,13 +339,15 @@ namespace Oqtane.Managers
 user = _users.GetUser(user.Username);
 if (!user.IsDeleted)
 {
- if (user.TwoFactorRequired)
+ var alias = _tenantManager.GetAlias();
+ var twoFactorSetting = _settings.GetSetting(EntityNames.Site, alias.SiteId, "LoginOptions:TwoFactor")?.SettingValue ?? "false";
+ var twoFactorRequired = twoFactorSetting == "required" || user.TwoFactorRequired;
+ if (twoFactorRequired)
 {
 var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email");
 user.TwoFactorCode = token;
 user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
 _users.UpdateUser(user);
- var alias = _tenantManager.GetAlias();
 string siteName = _sites.GetSite(alias.SiteId).Name;
 string subject = _localizer["TwoFactorEmailSubject"];
 subject = subject.Replace("[SiteName]", siteName);
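Review bot: `filtered.TwoFactorRequired = user.TwoFactorRequired;` reports only the per-user flag, while the login path changed in UserManager.cs in this same commit treats a second factor as required when the site setting `LoginOptions:TwoFactor` is `required` or the user flag is set, so a client reading this field will not see site-level enforcement. If the field is meant to tell the caller whether a second factor will be demanded, derive it with the same site-level check; otherwise document the gap with a comment such as `// per-user flag only; site-level "required" is enforced in UserManager`. This field was previously masked to `false`, so whoever receives the filtered user now learns that user's 2FA enrollment; the hunk does not show who the filtered object is returned to, so confirm it is only the user themselves or an administrator. The enclosing method starts and ends outside the hunk.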
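Review bot: `twoFactorSetting == "required"` is a case-sensitive, whitespace-sensitive comparison, so a stored value such as `Required` or `required ` silently fails open and the site-wide requirement is not enforced even though the administrator enabled it; use `var twoFactorRequired = string.Equals(twoFactorSetting.Trim(), "required", StringComparison.OrdinalIgnoreCase) || user.TwoFactorRequired;` (or normalize the value where it is saved, which the hunk does not show). The literals `"LoginOptions:TwoFactor"` and `"required"` presumably also appear wherever the setting is written, so a shared constant would keep the two sides from drifting. `_tenantManager.GetAlias()` is now called for every non-deleted login rather than only inside the 2FA branch; whether it can return null on this path is not visible here. The enclosing method starts and ends outside the hunk.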