don't revoke invited users

we make an exception for invited users to speed up the invitation process as they would have to be restored before they can accept their invitation. if email is enabled, invited users have to add a second factor before they can accept the invitation to an organization with 2fa policy. and if it is not enabled that check is done when confirming the 2fa policy.
dani-garcia · Oct 22, 2023 · 720e0aa · 720e0aa
1 parent 145fde3
commit 720e0aa
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/api/core/two_factor/mod.rs b/src/api/core/two_factor/mod.rs
@@ -176,8 +176,9 @@ pub async fn enforce_2fa_policy(
         .await
         .into_iter()
     {
-        // Policy only applies to non-Owner/non-Admin members who have accepted joining the org
-        if member.atype < UserOrgType::Admin {
+        // Don't enforce the policy for Admins and Owners
+        // Invited users will get an error when they try to accept the invite.
+        if member.atype < UserOrgType::Admin && member.status != UserOrgStatus::Invited as i32 {
             if CONFIG.mail_enabled() {
                 let org = Organization::find_by_uuid(&member.org_uuid, conn).await.unwrap();
                 mail::send_2fa_removed_from_org(&user.email, &org.name).await?;