remove ignoring MFA for munin

This commit is contained in:
github@kiekerjan.isdronken.nl 2021-10-19 23:23:49 +02:00
parent eeada2b9b5
commit 3ce59172cf
2 changed files with 1 additions and 10 deletions

View File

@ -34,7 +34,6 @@ Functionality changes and additions
Removed older cryptos following internet.nl recommendations
Bug fixes
* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)
* Munin error report fixed [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1555)
* Correct nextcloud carddav url [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1918)

View File

@ -109,15 +109,7 @@ def validate_auth_mfa(email, request, env):
# If no MFA modes are added, return True.
if len(mfa_state) == 0:
return (True, [])
# munin routes are proxied by our control panel. We do not have
# full control over their routes so credentials are supplied via
# a basic HTTP authentication prompt.
# There is neither a way to input a mfa credential there nor can we pass
# the user_api_key from localStorage so mfa should be disabled for these routes.
if request.full_path.startswith("/munin"):
return (True, [])
# Try the enabled MFA modes.
hints = set()
for mfa_mode in mfa_state: