admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2021-03-12 21:37:38 +00:00
parent 61c64dbcf4
commit 5c6cf1939b
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/AyaNova/Controllers/AuthController.cs
View File

@@ -645,11 +645,11 @@ namespace AyaNova.Api.Controllers
/// Disable (turn off) 2fa for user account
/// (For other user id requires full privileges)
/// </summary>
/// <param name="id">Optional User id otherwise current user account</param>
/// <param name="id">User id</param>
/// <param name="apiVersion">From route path</param>
/// <returns>OK on success</returns>
[HttpPost("totp-disable/{id}")]
public async Task<IActionResult> DisableTOTP([FromRoute] long? id, ApiVersion apiVersion)
public async Task<IActionResult> DisableTOTP([FromRoute] long id, ApiVersion apiVersion)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -657,15 +657,14 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
if (id != null)
var UserId = UserIdFromContext.Id(HttpContext.Items);
if (id != UserId) //doing it on behalf of someone else
{
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.User))
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//get user
var UserId = id ?? UserIdFromContext.Id(HttpContext.Items);
var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
if (u == null)//should never happen but ?
return StatusCode(403, new ApiNotAuthorizedResponse());
@@ -674,7 +673,7 @@ namespace AyaNova.Api.Controllers
u.TempToken = null;
u.TwoFactorEnabled = false;
await ct.SaveChangesAsync();
return NoContent();
return NoContent();
}
//------------------------------------------------------