From 3e02304ac203625650ab4b03f9d4146a40839f2f Mon Sep 17 00:00:00 2001
From: Fabio Manganiello
Date: Mon, 11 Nov 2024 20:21:26 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20[Auth]=20Fixed=20API=20token=20g?= =?UTF-8?q?eneration=20when=202FA=20is=20enabled.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It should suffice for the user to provide username+password when creating a new API token, even if 2FA is enabled. That's because user authentication has already occurred by the time that that check is made, and the user is already logged through a valid session or API token, so adding an 2FA code check isn't required. This also ensures that the UI doesn't break with a 401 on `/#settings?page=tokens&type=api` when creating a new token.
---
 platypush/backend/http/app/routes/auth.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/platypush/backend/http/app/routes/auth.py b/platypush/backend/http/app/routes/auth.py
index 397805de43..b898c66b18 100644
--- a/platypush/backend/http/app/routes/auth.py
+++ b/platypush/backend/http/app/routes/auth.py
@@ -107,7 +107,6 @@ def _create_token():
 user = None
 username = payload.get('username')
 password = payload.get('password')
- code = payload.get('code')
 name = payload.get('name')
 expiry_days = payload.get('expiry_days')
 user_manager = UserManager()
@@ -115,7 +114,7 @@ def _create_token():
 # Try and authenticate with the credentials passed in the JSON payload
 if username and password:
- user = user_manager.authenticate_user(username, password, code=code)
+ user = user_manager.authenticate_user(username, password, skip_2fa=True)
 if not isinstance(user, User):
 return UserAuthStatus.INVALID_CREDENTIALS.to_response()
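Review bot: `skip_2fa=True` is applied on the branch that, per its own comment, authenticates from the username and password in the JSON payload, and nothing in the second hunk ties it to an already-established session or token; if `_create_token` can be reached by a request carrying only those payload credentials (the route's guards are outside the hunk), a password alone would yield an API token for a 2FA-enabled account. The skip should be conditional on the request already being authenticated as the same user, e.g. `user = user_manager.authenticate_user(username, password, code=code, skip_2fa=has_valid_session)`, keeping `code = payload.get('code')` from the first hunk; `has_valid_session` is a placeholder for however this route resolves the current session, and passing both keyword arguments assumes `authenticate_user` accepts them together. A comment above the call stating that precondition, plus a test that a session-less username+password request for a 2FA-enabled user is rejected, would pin the intent described in the commit message. The body of `_create_token` starts and ends outside the hunk.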