fds

2022-01-02 15:32:50 +02:00 · 2022-01-02 15:32:50 +02:00 · 3fee3dcb12
parent c2631b3d71
commit 3fee3dcb12
1 changed files with 3 additions and 2 deletions
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -627,7 +627,8 @@ def settings_security_post(v):

 		return render_template("settings_security.html", v=v, error="Check your email and click the verification link to complete the email change.")

-	if request.values.get("2fa_token", ""):
+	if request.values.get("2fa_token"):
+		if v.id == PW_ID: abort(403)

 		if not v.verifyPass(request.values.get('password')):
 			return render_template("settings_security.html", v=v, error="Invalid password or token.")
@ -644,7 +645,7 @@ def settings_security_post(v):

 		return render_template("settings_security.html", v=v, msg="Two-factor authentication enabled.")

-	if request.values.get("2fa_remove", ""):
+	if request.values.get("2fa_remove"):

 		if not v.verifyPass(request.values.get('password')):
 			return render_template("settings_security.html", v=v, error="Invalid password or token.")