From 2166c058f34dff6f91566930d12448805d829de7 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 7 Oct 2022 14:23:42 +0200
Subject: Allow admins to disable two factor auth

---
 server/controllers/api/users/two-factor.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'server/controllers')

diff --git a/server/controllers/api/users/two-factor.ts b/server/controllers/api/users/two-factor.ts
index 1725294e7..79f63a62d 100644
--- a/server/controllers/api/users/two-factor.ts
+++ b/server/controllers/api/users/two-factor.ts
@@ -1,7 +1,7 @@
 import express from 'express'
 import { generateOTPSecret, isOTPValid } from '@server/helpers/otp'
 import { Redis } from '@server/lib/redis'
-import { asyncMiddleware, authenticate, usersCheckCurrentPassword } from '@server/middlewares'
+import { asyncMiddleware, authenticate, usersCheckCurrentPasswordFactory } from '@server/middlewares'
 import {
   confirmTwoFactorValidator,
   disableTwoFactorValidator,
@@ -13,7 +13,7 @@ const twoFactorRouter = express.Router()
 
 twoFactorRouter.post('/:id/two-factor/request',
   authenticate,
-  asyncMiddleware(usersCheckCurrentPassword),
+  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
   asyncMiddleware(requestOrConfirmTwoFactorValidator),
   asyncMiddleware(requestTwoFactor)
 )
@@ -27,7 +27,7 @@ twoFactorRouter.post('/:id/two-factor/confirm-request',
 
 twoFactorRouter.post('/:id/two-factor/disable',
   authenticate,
-  asyncMiddleware(usersCheckCurrentPassword),
+  asyncMiddleware(usersCheckCurrentPasswordFactory(req => req.params.id)),
   asyncMiddleware(disableTwoFactorValidator),
   asyncMiddleware(disableTwoFactor)
 )
-- 
cgit v1.2.3