From ecb3ee52b45f6faaa63a437a7be48efc2429a7d6 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Mon, 19 Dec 2022 20:57:20 +0200
Subject: [PATCH] disable admin features unless 2FA configured
---
 files/routes/wrappers.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/files/routes/wrappers.py b/files/routes/wrappers.py
index fb7998c78f..0f9d42621d 100644
--- a/files/routes/wrappers.py
+++ b/files/routes/wrappers.py
@@ -112,6 +112,7 @@ def admin_level_required(x):
 def wrapper(*args, **kwargs):
 v = get_logged_in_user()
 if not v: abort(401)
+ if not v.mfa_secret: abort(403, "You need to enable 2FA to use admin features!")
 if v.admin_level < x: abort(403)
 return make_response(f(*args, v=v, **kwargs))
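Review bot: The added `mfa_secret` check in `wrapper` runs before the `v.admin_level < x` check, so an ordinary logged-in user without 2FA who requests an admin route gets the 2FA message instead of the plain 403, which misdirects them and tells them the route is an admin one. Putting the privilege check first keeps the old response for non-admins and applies the requirement only to accounts that hold the level: `if v.admin_level < x: abort(403)` followed by `if not v.mfa_secret: abort(403, "You need to enable 2FA to use admin features!")`. The check also only shows that a secret is stored on the account; whether the current session actually passed the second factor depends on the login flow, which is not visible in this hunk and is worth confirming. Any admin path that tests `v.admin_level` directly rather than through this decorator would presumably not be covered, and the rest of `admin_level_required` lies outside the hunk.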