add 2fa bypass

2025-10-28 18:47:18 +01:00 · 2025-10-28 18:47:18 +01:00 · 9762a935cb
commit 9762a935cb
parent 8c5f78c50f
3 changed files with 20 additions and 4 deletions
--- a/packages/admin-ui/src/pages/Authentication/LoginState.jsx
+++ b/packages/admin-ui/src/pages/Authentication/LoginState.jsx
@ -83,6 +83,11 @@ const LoginState = ({ dispatch, strategy }) => {

    if (!loginResponse.login) return

+    // Handle SKIP2FA case - directly get user data and navigate
+    if (loginResponse.login === 'SKIP2FA') {
+      return getUserData()
+    }
+
    return dispatch({
      type: loginResponse.login,
      payload: {
--- a/packages/server/lib/new-admin/graphql/modules/userManagement.js
+++ b/packages/server/lib/new-admin/graphql/modules/userManagement.js
@ -10,6 +10,7 @@ const users = require('../../../users')
 const sessionManager = require('../../../session-manager')
 const authErrors = require('../errors')
 const credentials = require('../../../hardware-credentials')
+const { skip2fa } = require('../../../environment-helper')

 const REMEMBER_ME_AGE = 90 * T.day

@ -162,15 +163,25 @@ const deleteSession = (sessionID, context) => {
  return sessionManager.deleteSessionById(sessionID)
 }

-const login = (username, password) => {
+const login = (username, password, context) => {
  return authenticateUser(username, password)
    .then(user => {
+      // Skip 2FA if environment variable is set
+      if (skip2fa) {
+        initializeSession(context, user, false)
+        return 'SKIP2FA'
+      }
+
      return Promise.all([
        credentials.getHardwareCredentialsByUserId(user.id),
        user.twofa_code,
      ])
    })
-    .then(([devices, twoFASecret]) => {
+    .then(result => {
+      // If we already handled skip2fa, return the result
+      if (result === 'SKIP2FA') return result
+
+      const [devices, twoFASecret] = result
      if (!_.isEmpty(devices)) return 'FIDO'
      return twoFASecret ? 'INPUT2FA' : 'SETUP2FA'
    })
--- a/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
+++ b/packages/server/lib/new-admin/graphql/resolvers/users.resolver.js
@ -124,8 +124,8 @@ const resolver = {
      sessionManager.deleteSessionsByUsername(username),
    changeUserRole: (...[, { confirmationCode, id, newRole }, context]) =>
      userManagement.changeUserRole(confirmationCode, id, newRole, context),
-    login: (...[, { username, password }]) =>
-      userManagement.login(username, password),
+    login: (...[, { username, password }, context]) =>
+      userManagement.login(username, password, context),
    input2FA: (...[, { username, password, rememberMe, code }, context]) =>
      userManagement.input2FA(username, password, rememberMe, code, context),
    setup2FA: (