Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00
Code Issues Activity

Moved session verified check behind staff2fa flag

Browse source
This commit is contained in:
Princi Vershwal 2024-10-10 14:48:03 +01:00 committed by Kevin Ansfield
parent cb8d18423a
commit 3cffb9a132
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ghost/core/core/server/services/auth/session/middleware.js
View file

@ -42,8 +42,13 @@ function SessionMiddleware({sessionService}) {
async function authenticate(req, res, next) {
try {
const user = await sessionService.getUserForSession(req, res);
const isVerified = await sessionService.isVerifiedSession(req, res);
if (user && isVerified) {
if (user) {
if (labs.isSet('staff2fa')) {
const isVerified = await sessionService.isVerifiedSession(req, res);
if (!isVerified) {
return next();
}
}
// Do not nullify `req.user` as it might have been already set
// in a previous middleware (authorize middleware).
req.user = user;