allow user who has TOTP enabled to continue using the mobile app

2020-05-08 20:23:13 +02:00 · 2020-05-08 20:23:13 +02:00 · e68eab44b0
parent 2c1daf5bb1
commit e68eab44b0
1 changed files with 3 additions and 1 deletions
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@ -56,7 +56,9 @@ def auth_login():
    elif not user.activated:
        return jsonify(error="Account not activated"), 400
    elif user.fido_enabled():
-        return jsonify(error="Currently we don't support FIDO on mobile yet"), 403
+        # allow user who has TOTP enabled to continue using the mobile app
+        if not user.enable_otp:
+            return jsonify(error="Currently we don't support FIDO on mobile yet"), 403

    return jsonify(**auth_payload(user, device)), 200