changelog

battermann · battermann · commit 1fef75797560 · 2022-03-29T09:36:09.000Z
diff --git a/changelog.d/2-features/pr-2207 b/changelog.d/2-features/pr-2207
@@ -0,0 +1 @@
+The bot API will be blocked if the 2nd factor authentication team feature is enabled.
diff --git a/services/brig/src/Brig/Provider/API.hs b/services/brig/src/Brig/Provider/API.hs
@@ -954,7 +954,6 @@ botGetSelfH bot = do
 
 botGetSelf :: BotId -> (Handler r) Public.UserProfile
 botGetSelf bot = do
-  checkAllowed (Just (botUserId bot))
   p <- lift $ wrapClient $ User.lookupUser NoPendingInvitations (botUserId bot)
   maybe (throwErrorDescriptionType @UserNotFound) (return . (`Public.publicProfile` UserLegalHoldNoConsent)) p
 
@@ -1043,16 +1042,9 @@ botDeleteSelf bid cid = do
 -- Utilities
 
 checkAllowed :: Maybe UserId -> (Handler r) ()
-checkAllowed = \case
-  Just userId ->
-    whenM (isPasswordChallengeEnabled (Just userId)) $ throwStd accessDenied
-  Nothing ->
-    whenM (isPasswordChallengeEnabled Nothing) $ throwStd accessDenied
-
-isPasswordChallengeEnabled :: Maybe UserId -> (Handler r) Bool
-isPasswordChallengeEnabled mbUserId = do
-  status <- lift $ RPC.getTeamFeatureStatusSndFactorPasswordChallenge mbUserId
-  pure $ Feature.tfwoStatus status == Feature.TeamFeatureEnabled
+checkAllowed mbUserId = do
+  enabled <- lift $ (==) Feature.TeamFeatureEnabled . Feature.tfwoStatus <$> RPC.getTeamFeatureStatusSndFactorPasswordChallenge mbUserId
+  when enabled $ throwStd accessDenied
 
 minRsaKeySize :: Int
 minRsaKeySize = 256 -- Bytes (= 2048 bits)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+The bot API will be blocked if the 2nd factor authentication team feature is enabled.`