Adding protection for enabling MFA when MFA is not available.

2025-11-01 03:07:59 +00:00 · 2022-05-05 09:25:32 -07:00
parent c19ce8a92c
commit afc8a59267
4 changed files with 29 additions and 1 deletions
--- a/src/RESTAPI/RESTAPI_subuser_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subuser_handler.cpp
@@ -6,6 +6,7 @@
 #include "StorageService.h"
 #include "framework/ow_constants.h"
 #include "SMSSender.h"
+#include "SMTPMailerService.h"
 #include "ACLProcessor.h"
 #include "AuthService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"
@@ -252,6 +253,18 @@ namespace OpenWifi {
                    return BadRequest(RESTAPI::Errors::BadMFAMethod);
                }

+                if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+                    NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::SMS &&
+                    !SMSSender()->Enabled()) {
+                    return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+                }
+
+                if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+                    NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::EMAIL &&
+                    !SMTPMailerService()->Enabled()) {
+                    return BadRequest(RESTAPI::Errors::EMailMFANotEnabled);
+                }
+
                bool ChangingMFA =
                        NewUser.userTypeProprietaryInfo.mfa.enabled && !Existing.userTypeProprietaryInfo.mfa.enabled;
                Existing.userTypeProprietaryInfo.mfa.enabled = NewUser.userTypeProprietaryInfo.mfa.enabled;