Skip to content

fix #11 - ensure users with 2fa can change password

mh requested to merge pwchange-2fa into master

To change the password we were first authenticating the user. However, since we wrote this code, we introduced 2fa and it didn't set all the appropriate flags to authenticate without 2fa.

Actually what was failing was the mail_crypt authentication, as missing 2fa support (due to missing flag) on enabled 2fa users disables the use of the master password.

We switch to use the common wrapper for all security related requests (this requires the master password) instead of directly calling the AuthManager.

Merge request reports