Skip to content

Commit

Permalink
fix: add mfa API to isAllowedInDemoMode()
Browse files Browse the repository at this point in the history
  • Loading branch information
@hsluoyz
hsluoyz committed Dec 26, 2023
1 parent dea03cd commit c481960
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion authz/authz.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
if method == "POST" {
if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") {
return true
} else if urlPath == "/api/update-user" {
// Allow ordinary users to update their own information
Expand Down

0 comments on commit c481960

Please sign in to comment.