From 5039b8da3a941be19104cfe18cac57c756696a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niccol=C3=B2=20Belli?= <niccolo.belli@linuxsystems.it>
Date: Thu, 23 Nov 2023 12:05:12 +0100
Subject: [PATCH] fix: allow additional secret fields when setting two factor
 in rest-express

---
 packages/rest-express/src/endpoints/password/two-factor.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/rest-express/src/endpoints/password/two-factor.ts b/packages/rest-express/src/endpoints/password/two-factor.ts
index 6a7e067e5..f1a8ff487 100644
--- a/packages/rest-express/src/endpoints/password/two-factor.ts
+++ b/packages/rest-express/src/endpoints/password/two-factor.ts
@@ -18,6 +18,7 @@ export const twoFactorSecret =
   };
 
 export const twoFactorSet = (accountsServer: AccountsServer) => [
+  body('secret').isObject().notEmpty(),
   body('secret.base32').isString().notEmpty(),
   body('code').isString().notEmpty(),
   async (req: express.Request, res: express.Response) => {