Allow login if MFA is not enabled yet

elliot-sawyer / totp-authenticator

SilverStripe Second Factor Authentication using TOTP

BSD 3-Clause "New" or "Revised" License

5 stars 1 forks source link

Open elliot-sawyer opened 6 years ago

elliot-sawyer commented 6 years ago

The user should still be able to authenticate with the TOTP authenticator if 2FA is not active on the account.

robbieaverill commented 6 years ago

Yep +1, I just came across this too:

New install (with default admin)
Create a new account and configure MFA for it
Try to use the TOTP login form to login as default admin which doesn't have MFA enabled
Still asked for TOTP validation

robbieaverill commented 6 years ago

I guess it should have some fallback logic to the default authenticator if it's not enabled for the member