Bugfix/allow impersonation non cal id p (#7689)

* Only require a password when IdP is CAL * Also require twoFactorEnabled
2023-03-15 14:52:32 +00:00 · 2023-03-15 14:52:32 +00:00 · fcb06a131b
parent d778fe6a1b
commit fcb06a131b
1 changed files with 6 additions and 1 deletions
--- a/packages/features/auth/lib/next-auth-options.ts
+++ b/packages/features/auth/lib/next-auth-options.ts
@ -165,7 +165,12 @@ const providers: Provider[] = [
        }).length > 0;

      // authentication success- but does it meet the minimum password requirements?
-      if (user.role === "ADMIN" && !isPasswordValid(credentials.password, false, true)) {
+      if (
+        user.role === "ADMIN" &&
+        ((user.identityProvider === IdentityProvider.CAL &&
+          !isPasswordValid(credentials.password, false, true)) ||
+          !user.twoFactorEnabled)
+      ) {
        return {
          id: user.id,
          username: user.username,