From 50cf190d138a139e1846a3ad919bbe244073b36f Mon Sep 17 00:00:00 2001
From: whikernel <whitekernel@whitekernel.fr>
Date: Thu, 14 Nov 2024 10:18:44 +0100
Subject: [PATCH] [FIX] Issue with hybrid OIDC / Local auth

---
 source/app/blueprints/login/login_routes.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/app/blueprints/login/login_routes.py b/source/app/blueprints/login/login_routes.py
index 0d184f8ab..1deaef42a 100644
--- a/source/app/blueprints/login/login_routes.py
+++ b/source/app/blueprints/login/login_routes.py
@@ -253,16 +253,16 @@ def oidc_authorise():
         if user and not user.active:
             return response_error("User not active in IRIS", 403)
 
-        return wrap_login_user(user)
+        return wrap_login_user(user, is_oidc=True)
 
-def wrap_login_user(user):
+def wrap_login_user(user, is_oidc=False):
 
     session['username'] = user.user
 
     if 'SERVER_SETTINGS' not in app.config:
         app.config['SERVER_SETTINGS'] = get_server_settings_as_dict()
 
-    if app.config['SERVER_SETTINGS']['enforce_mfa']:
+    if app.config['SERVER_SETTINGS']['enforce_mfa'] is True and is_oidc is False:
         if "mfa_verified" not in session or session["mfa_verified"] is False:
             return redirect(url_for('mfa_verify'))