Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA #16998

Merged
merged 1 commit into from
Mar 26, 2020

Conversation

rodrigok
Copy link
Member

When a DDP method that requires 2FA is called from inside an API without 2FA required the code verification wasn't possible to happen since the API didn't set the context as authorized and the method didn't have access to the headers to execute the authorization process.

This change makes it possible by getting the information from the connection headers if not passed to the 2FA process, it's only possible for this type of call since the connection originates from the API and the headers refer to the call.

@rodrigok rodrigok added this to the 3.1.0 milestone Mar 25, 2020
@rodrigok rodrigok requested a review from sampaiodiego March 25, 2020 00:15
@sampaiodiego sampaiodiego merged commit 29f0396 into develop Mar 26, 2020
@sampaiodiego sampaiodiego deleted the allow-2fa-get-code-from-headers branch March 26, 2020 03:42
gabriellsh added a commit that referenced this pull request Mar 26, 2020
…/react-root

* 'develop' of github.com:RocketChat/Rocket.Chat: (76 commits)
  Regression: Fix issue with opening rooms (#17028)
  Group DM improvements
  [NEW] Sort channel directory listing by latest message (#16604)
  [FIX] Wrong message count statistics in Admin info page (#16680)
  Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA (#16998)
  [NEW] Direct message between multiple users (#16761)
  Bump version to 3.0.7
  Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription  (#17017)
  Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription  (#17017)
  Bump version to 3.0.6
  [Regression] Replace the Omnichannel queue model observe with Stream (#16999)
  [FIX]  Keeps the agent in the room after accepting a new Omnichannel request (#16787)
  [Regression] Replace the Omnichannel queue model observe with Stream (#16999)
  [NEW] Engagement Dashboard (#16960)
  Fix StreamCast info (#16995)
  [IMPROVE] Ability to change offline message button link on emails notifications (#16784)
  Bump version to 3.0.5
  [FIX] Race conditions on/before login (#16989)
  [FIX] Race conditions on/before login (#16989)
  Fix: StreamCast was not working correctly (#16983)
  ...
@sampaiodiego sampaiodiego mentioned this pull request Apr 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants