fix: reject CalDAV basic auth when TOTP is enabled
This commit is contained in:
parent
a66bda2f51
commit
cdf5d30a42
|
|
@ -47,6 +47,18 @@ func BasicAuth(c *echo.Context, username, password string) (bool, error) {
|
|||
log.Errorf("Error during basic auth for caldav: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// If the user has TOTP enabled, reject password-based basic auth.
|
||||
// They must use a CalDAV token instead.
|
||||
totpEnabled, err := user.TOTPEnabledForUser(s, u)
|
||||
if err != nil {
|
||||
log.Errorf("Error checking TOTP status for caldav basic auth: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
if totpEnabled {
|
||||
log.Warningf("CalDAV basic auth rejected for user %d: TOTP is enabled, a CalDAV token is required", u.ID)
|
||||
return false, nil
|
||||
}
|
||||
}
|
||||
if u != nil && err == nil {
|
||||
c.Set("userBasicAuth", u)
|
||||
|
|
|
|||
Loading…
Reference in New Issue