Fix MFA bypass vulnerability

This commit is contained in:
gpt-engineer-app[bot]
2025-10-31 13:41:56 +00:00
parent 47607c55e2
commit 4e4876997e
2 changed files with 4 additions and 3 deletions


@@ -43,6 +43,7 @@ export function useRequireMFA() {
isEnrolled,
needsEnrollment: requiresMFA && !isEnrolled,
needsVerification,
isBlocked: requiresMFA && (!isEnrolled || (isEnrolled && aal === 'aal1')), // Convenience flag
aal,
loading: loading || roleLoading,
};
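Review bot: The new `isBlocked` flag on the `isBlocked:` line fails open for an enrolled user whose `aal` is anything other than the literal `'aal1'` — if `aal` can be undefined while still resolving, or takes an unexpected value, the user is not blocked. Anchoring the test on the satisfied level instead, `isBlocked: requiresMFA && (!isEnrolled || aal !== 'aal2'), // fail closed: anything short of a verified aal2 session blocks`, blocks everything short of a verified session and also drops the redundant `isEnrolled &&` inside the disjunction. Whether `aal` can actually be undefined here depends on how it is derived earlier in useRequireMFA, which begins before this hunk. The flag is not consumed by the AdminDashboard change in this commit, so the two conditions should be kept in sync or the dashboard pointed at `isBlocked`.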


@@ -24,7 +24,7 @@ export default function AdminDashboard() {
useDocumentTitle('Dashboard - Admin');
const { user, loading: authLoading } = useAuth();
const { isModerator, loading: roleLoading } = useUserRole();
const { needsEnrollment, loading: mfaLoading } = useRequireMFA();
const { needsEnrollment, needsVerification, loading: mfaLoading } = useRequireMFA();
const navigate = useNavigate();
const [isRefreshing, setIsRefreshing] = useState(false);
const [activeTab, setActiveTab] = useState('moderation');
@@ -138,8 +138,8 @@ export default function AdminDashboard() {
return null;
}
// MFA enforcement
if (needsEnrollment) {
// MFA enforcement - CRITICAL: Block if EITHER not enrolled OR needs verification
if (needsEnrollment || needsVerification) {
return (
<AdminLayout>
<MFARequiredAlert />