Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA #16998
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sampaiodiego
approved these changes
Mar 26, 2020
gabriellsh
added a commit
that referenced
this pull request
Mar 26, 2020
…/react-root * 'develop' of github.com:RocketChat/Rocket.Chat: (76 commits) Regression: Fix issue with opening rooms (#17028) Group DM improvements [NEW] Sort channel directory listing by latest message (#16604) [FIX] Wrong message count statistics in Admin info page (#16680) Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA (#16998) [NEW] Direct message between multiple users (#16761) Bump version to 3.0.7 Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription (#17017) Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription (#17017) Bump version to 3.0.6 [Regression] Replace the Omnichannel queue model observe with Stream (#16999) [FIX] Keeps the agent in the room after accepting a new Omnichannel request (#16787) [Regression] Replace the Omnichannel queue model observe with Stream (#16999) [NEW] Engagement Dashboard (#16960) Fix StreamCast info (#16995) [IMPROVE] Ability to change offline message button link on emails notifications (#16784) Bump version to 3.0.5 [FIX] Race conditions on/before login (#16989) [FIX] Race conditions on/before login (#16989) Fix: StreamCast was not working correctly (#16983) ...
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a DDP method that requires 2FA is called from inside an API without 2FA required the code verification wasn't possible to happen since the API didn't set the context as authorized and the method didn't have access to the headers to execute the authorization process.
This change makes it possible by getting the information from the connection headers if not passed to the 2FA process, it's only possible for this type of call since the connection originates from the API and the headers refer to the call.