From 3ce59172cfbb32cd705c31add74e688a02a63349 Mon Sep 17 00:00:00 2001
From: "github@kiekerjan.isdronken.nl" <github@kiekerjan.isdronken.nl>
Date: Tue, 19 Oct 2021 23:23:49 +0200
Subject: [PATCH] remove ignoring MFA for munin

---
 README.md         |  1 -
 management/mfa.py | 10 +---------
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/README.md b/README.md
index bc0f7a27..e6c4f865 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,6 @@ Functionality changes and additions
   Removed older cryptos following internet.nl recommendations
 
 Bug fixes
-* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)
 * Munin error report fixed [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1555)
 * Correct nextcloud carddav url [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1918)
 
diff --git a/management/mfa.py b/management/mfa.py
index 0de4d858..32eb5183 100644
--- a/management/mfa.py
+++ b/management/mfa.py
@@ -109,15 +109,7 @@ def validate_auth_mfa(email, request, env):
 	# If no MFA modes are added, return True.
 	if len(mfa_state) == 0:
 		return (True, [])
-		
-	# munin routes are proxied by our control panel. We do not have
-	# full control over their routes so credentials are supplied via
-	# a basic HTTP authentication prompt.
-	# There is neither a way to input a mfa credential there nor can we pass
-	# the user_api_key from localStorage so mfa should be disabled for these routes.
-	if request.full_path.startswith("/munin"):
-		return (True, [])
-		
+
 	# Try the enabled MFA modes.
 	hints = set()
 	for mfa_mode in mfa_state: