fix: reject CalDAV basic auth when TOTP is enabled

kolaente 2026-03-20 10:17:40 +01:00 committed by kolaente
parent a66bda2f51
commit cdf5d30a42
1 changed files with 12 additions and 0 deletions


@ -47,6 +47,18 @@ func BasicAuth(c *echo.Context, username, password string) (bool, error) {
log.Errorf("Error during basic auth for caldav: %v", err)
return false, nil
}
// If the user has TOTP enabled, reject password-based basic auth.
// They must use a CalDAV token instead.
totpEnabled, err := user.TOTPEnabledForUser(s, u)
if err != nil {
log.Errorf("Error checking TOTP status for caldav basic auth: %v", err)
return false, nil
}
if totpEnabled {
log.Warningf("CalDAV basic auth rejected for user %d: TOTP is enabled, a CalDAV token is required", u.ID)
return false, nil
}
}
if u != nil && err == nil {
c.Set("userBasicAuth", u)
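Review bot: The rejection under `if totpEnabled` returns the same `false, nil` as a wrong password, which is the right choice because a distinct error would tell the caller the password was correct, but nothing in the code marks this as deliberate; I would add `// Same result as a failed login on purpose: do not reveal that the password was valid.` above that `return false, nil`. The warning logged there fires only after the password has been verified, so it is worth treating as a detection signal (a valid password was presented for a TOTP-protected account) rather than routine noise. The commit changes one file and shows no test, so a regression test for "TOTP user with correct password is rejected, CalDAV token still accepted" would keep this from silently regressing. The block closed by the `}` after the new check opens outside the hunk, so I am assuming it is the password fallback branch and that token-based logins never reach this code.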