This commit is contained in:
@@ -645,11 +645,11 @@ namespace AyaNova.Api.Controllers
|
|||||||
/// Disable (turn off) 2fa for user account
|
/// Disable (turn off) 2fa for user account
|
||||||
/// (For other user id requires full privileges)
|
/// (For other user id requires full privileges)
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="id">Optional User id otherwise current user account</param>
|
/// <param name="id">User id</param>
|
||||||
/// <param name="apiVersion">From route path</param>
|
/// <param name="apiVersion">From route path</param>
|
||||||
/// <returns>OK on success</returns>
|
/// <returns>OK on success</returns>
|
||||||
[HttpPost("totp-disable/{id}")]
|
[HttpPost("totp-disable/{id}")]
|
||||||
public async Task<IActionResult> DisableTOTP([FromRoute] long? id, ApiVersion apiVersion)
|
public async Task<IActionResult> DisableTOTP([FromRoute] long id, ApiVersion apiVersion)
|
||||||
{
|
{
|
||||||
if (!serverState.IsOpen)
|
if (!serverState.IsOpen)
|
||||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||||
@@ -657,15 +657,14 @@ namespace AyaNova.Api.Controllers
|
|||||||
if (!ModelState.IsValid)
|
if (!ModelState.IsValid)
|
||||||
return BadRequest(new ApiErrorResponse(ModelState));
|
return BadRequest(new ApiErrorResponse(ModelState));
|
||||||
|
|
||||||
if (id != null)
|
var UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||||
|
if (id != UserId) //doing it on behalf of someone else
|
||||||
{
|
{
|
||||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.User))
|
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.User))
|
||||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||||
}
|
}
|
||||||
|
|
||||||
//get user
|
|
||||||
var UserId = id ?? UserIdFromContext.Id(HttpContext.Items);
|
|
||||||
|
|
||||||
var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
|
var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
|
||||||
if (u == null)//should never happen but ?
|
if (u == null)//should never happen but ?
|
||||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||||
@@ -674,7 +673,7 @@ namespace AyaNova.Api.Controllers
|
|||||||
u.TempToken = null;
|
u.TempToken = null;
|
||||||
u.TwoFactorEnabled = false;
|
u.TwoFactorEnabled = false;
|
||||||
await ct.SaveChangesAsync();
|
await ct.SaveChangesAsync();
|
||||||
return NoContent();
|
return NoContent();
|
||||||
}
|
}
|
||||||
//------------------------------------------------------
|
//------------------------------------------------------
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user