update 2faVerification endpoint

eisbilir · eisbilir · commit ef519267bfb5 · 2022-08-04T19:34:07.000+03:00
diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java
@@ -1676,7 +1676,10 @@ public ApiResponse update2faVerification(
         if(credVerification.getEnabled() == null || !credVerification.getEnabled()) {
             throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");
         }
-        if(!credVerification.getVerified().equals(credential.getVerified())) {
+        // update only if it's true. We need to prevent changing verification status from true to false
+        // Otherwise 2fa will be skipped during the login flow.
+        // The only way to set verification to false is disabling the 2fa for that user.
+        if(credential.getVerified()) {
             userDao.update2fa(credVerification.getId(), true, credential.getVerified());
         }
         return ApiResponseFactory.createResponse("User verification updated");

Original file line number	Diff line number	Diff line change
`@@ -1676,7 +1676,10 @@ public ApiResponse update2faVerification(`
`1676`	`1676`	`if(credVerification.getEnabled() == null \|\| !credVerification.getEnabled()) {`
`1677`	`1677`	`throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");`
`1678`	`1678`	`}`
`1679`		`- if(!credVerification.getVerified().equals(credential.getVerified())) {`
	`1679`	`+ // update only if it's true. We need to prevent changing verification status from true to false`
	`1680`	`+ // Otherwise 2fa will be skipped during the login flow.`
	`1681`	`+ // The only way to set verification to false is disabling the 2fa for that user.`
	`1682`	`+ if(credential.getVerified()) {`
`1680`	`1683`	`userDao.update2fa(credVerification.getId(), true, credential.getVerified());`
`1681`	`1684`	`}`
`1682`	`1685`	`return ApiResponseFactory.createResponse("User verification updated");`