
fix(go): ignore mfa enforcement for user auth;

Vishal Dalwadi 4 maanden geleden
bovenliggende
commit
ba36ce1f85
4 gewijzigde bestanden met toevoegingen van 6 en 27 verwijderingen
  1. 1 22
      controllers/user.go
  2. 1 1
      logic/auth.go
  3. 3 3
      logic/settings.go
  4. 1 1
      models/settings.go

+ 1 - 22
controllers/user.go

@@ -365,7 +365,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 
 	var successResponse models.SuccessResponse
 
-	if logic.IsMFAEnabled() && user.IsMFAEnabled {
+	if user.IsMFAEnabled {
 		successResponse = models.SuccessResponse{
 			Code:    http.StatusOK,
 			Message: "W1R3: TOTP required",
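Review bot: With the server-level check dropped, `if user.IsMFAEnabled {` is the only gate for the TOTP step in this handler, so an account whose `IsMFAEnabled` is false presumably falls through to the normal success response even when `MFAEnforced` is set. Nothing visible in this commit calls the new `logic.IsMFAEnforced()`, so it is unclear from here where enforcement is applied. If it is handled elsewhere, a comment above the condition should say so, for example `// login honours only the per-user flag; server-wide enforcement is applied in <placeholder>`. The same condition change is made in `VerifyAuthRequest` in logic/auth.go, and a test that logs in a non-enrolled user with enforcement on would pin the intended behaviour. authenticateUser's body continues outside the hunk.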
@@ -452,13 +452,6 @@ func initiateTOTPSetup(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !logic.IsMFAEnabled() {
-		err = fmt.Errorf("mfa is disabled, cannot process totp setup")
-		logger.Log(0, err.Error())
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
-		return
-	}
-
 	if user.IsMFAEnabled {
 		err = fmt.Errorf("mfa is already enabled for user, cannot process totp setup")
 		logger.Log(0, err.Error())
@@ -545,13 +538,6 @@ func completeTOTPSetup(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !logic.IsMFAEnabled() {
-		err = fmt.Errorf("mfa is disabled, cannot process totp setup")
-		logger.Log(0, err.Error())
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
-		return
-	}
-
 	if user.IsMFAEnabled {
 		err = fmt.Errorf("mfa is already enabled for user, cannot process totp setup")
 		logger.Log(0, err.Error())
@@ -612,13 +598,6 @@ func verifyTOTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !logic.IsMFAEnabled() {
-		err = fmt.Errorf("mfa is disabled, cannot process totp verification")
-		logger.Log(0, err.Error())
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
-		return
-	}
-
 	if !user.IsMFAEnabled {
 		err = fmt.Errorf("mfa is disabled for user(%s), cannot process totp verification", username)
 		logger.Log(0, err.Error())

+ 1 - 1
logic/auth.go

@@ -235,7 +235,7 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
 		return "", errors.New("incorrect credentials")
 	}
 
-	if IsMFAEnabled() && result.IsMFAEnabled {
+	if result.IsMFAEnabled {
 		tokenString, err := CreatePreAuthToken(authRequest.UserName)
 		if err != nil {
 			slog.Error("error creating jwt", "error", err)

+ 3 - 3
logic/settings.go

@@ -327,9 +327,9 @@ func IsBasicAuthEnabled() bool {
 	return GetServerSettings().BasicAuth
 }
 
-// IsMFAEnabled returns whether MFA has been enabled.
-func IsMFAEnabled() bool {
-	return GetServerSettings().MFAEnabled
+// IsMFAEnforced returns whether MFA has been enforced.
+func IsMFAEnforced() bool {
+	return GetServerSettings().MFAEnforced
 }
 
 // IsEndpointDetectionEnabled - returns true if endpoint detection enabled

+ 1 - 1
models/settings.go

@@ -25,7 +25,7 @@ type ServerSettings struct {
 	Telemetry                      string   `json:"telemetry"`
 	BasicAuth                      bool     `json:"basic_auth"`
 	JwtValidityDuration            int      `json:"jwt_validity_duration"`
-	MFAEnabled                     bool     `json:"mfa_enabled"`
+	MFAEnforced                    bool     `json:"mfa_enforced"`
 	RacAutoDisable                 bool     `json:"rac_auto_disable"`
 	RacRestrictToSingleNetwork     bool     `json:"rac_restrict_to_single_network"`
 	EndpointDetection              bool     `json:"endpoint_detection"`
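Review bot: Changing the tag from `json:"mfa_enabled"` to `json:"mfa_enforced"` means any payload or stored settings document that still carries `mfa_enabled` is ignored by encoding/json without an error, and `MFAEnforced` decodes as false. If that reset is intended because the field's meaning changed, a field comment would make it explicit, e.g. `// MFAEnforced is the server-wide MFA enforcement flag; the former mfa_enabled key is not read.` If existing deployments are expected to keep their setting, a migration step is needed, and none is visible in this commit. The struct continues outside the hunk.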