fix: handle disabled mfa types correctly during login (#979)

* fix: handle disabled mfa types during login correctly * fix: add 2fa to default login policy * fix: setup * Update internal/setup/step7.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-11 21:37:32 +00:00 · 2020-11-18 12:56:24 +01:00
parent 955dec8694
commit b9be5f4e11
8 changed files with 128 additions and 38 deletions
--- a/internal/user/model/user_view.go
+++ b/internal/user/model/user_view.go
@@ -142,10 +142,12 @@ func (u *UserView) MfaTypesSetupPossible(level req_model.MFALevel, policy *iam_m
 	return types
 }

-func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.LoginPolicyView) []req_model.MFAType {
+func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.LoginPolicyView) ([]req_model.MFAType, bool) {
 	types := make([]req_model.MFAType, 0)
+	required := true
 	switch level {
 	default:
+		required = policy.ForceMFA
 		fallthrough
 	case req_model.MFALevelSecondFactor:
 		if policy.HasSecondFactors() {
@@ -172,7 +174,7 @@ func (u *UserView) MfaTypesAllowed(level req_model.MFALevel, policy *iam_model.L
 		}
 		//PLANNED: add token
 	}
-	return types
+	return types, required
 }

 func (u *UserView) HasRequiredOrgMFALevel(policy *iam_model.LoginPolicyView) bool {