implement new setting

RocketChat · Jul 30, 2024 · 214015c · 214015c
1 parent 39fb14e
commit 214015c
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 1 deletion.
diff --git a/apps/meteor/app/2fa/server/code/EmailCheck.ts b/apps/meteor/app/2fa/server/code/EmailCheck.ts
@@ -28,6 +28,10 @@ export class EmailCheck implements ICodeCheck {
 			return false;
 		}
 
+		if (settings.get('Accounts_TwoFactorAuthentication_Disable_Email_For_OAuth_Users')) {
+			return user?.services?.password?.bcrypt !== undefined;
+		}
+
 		return this.getUserVerifiedEmails(user).length > 0;
 	}
 

diff --git a/apps/meteor/app/2fa/server/code/PasswordCheckFallback.ts b/apps/meteor/app/2fa/server/code/PasswordCheckFallback.ts
@@ -14,7 +14,7 @@ export class PasswordCheckFallback implements ICodeCheck {
 		// TODO: Remove this setting for version 4.0 forcing the
 		// password fallback for who has password set.
 		if (settings.get('Accounts_TwoFactorAuthentication_Enforce_Password_Fallback')) {
-			return user.services?.password?.bcrypt != null;
+			return user.services?.password?.bcrypt !== undefined;
 		}
 		return false;
 	}

diff --git a/apps/meteor/server/settings/accounts.ts b/apps/meteor/server/settings/accounts.ts
@@ -31,6 +31,18 @@ export const createAccountSettings = () =>
 				public: true,
 			});
 
+			await this.add('Accounts_TwoFactorAuthentication_Disable_Email_For_OAuth_Users', false, {
+				type: 'boolean',
+				enableQuery: [
+					enable2FA,
+					{
+						_id: 'Accounts_TwoFactorAuthentication_By_Email_Enabled',
+						value: true,
+					},
+				],
+				public: true,
+			});
+
 			await this.add('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', true, {
 				type: 'boolean',
 				enableQuery: [

diff --git a/packages/i18n/src/locales/en.i18n.json b/packages/i18n/src/locales/en.i18n.json
@@ -282,6 +282,7 @@
   "Accounts_TwoFactorAuthentication_By_Email_Code_Expiration": "Time to expire the code sent via email in seconds",
   "Accounts_TwoFactorAuthentication_By_Email_Enabled": "Enable Two Factor Authentication via Email",
   "Accounts_TwoFactorAuthentication_By_Email_Enabled_Description": "Users with email verified and the option enabled in their profile page will receive an email with a temporary code to authorize certain actions like login, save the profile, etc.",
+  "Accounts_TwoFactorAuthentication_Disable_Email_For_OAuth_Users": "Disable two factor authentication via email for OAuth users",
   "Accounts_TwoFactorAuthentication_Enabled": "Enable Two Factor Authentication",
   "Accounts_TwoFactorAuthentication_Enabled_Description": "If deactivated, this setting will deactivate all Two Factor Authentication.  \nTo force users to use Two Factor Authentication, the admin has to configure the 'user' role to enforce it.",
   "Accounts_TwoFactorAuthentication_Enforce_Password_Fallback": "Enforce password fallback",