From e72c653f6ed0745d17d200ecd6160db7517d4a51 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sun, 19 Apr 2020 21:45:46 +1000
Subject: [PATCH] [BUGFIX] 2FA after 1FA only when necessary for access to target (#881)
* prevents requirement to always 2FA if the user doesn't have permission to access a target URL
---
 internal/handlers/response.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/handlers/response.go b/internal/handlers/response.go
index eb23ea5c..d831ef74 100644
--- a/internal/handlers/response.go
+++ b/internal/handlers/response.go
@@ -34,8 +34,8 @@ func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI string, username
 ctx.Logger.Debugf("Required level for the URL %s is %d", targetURI, requiredLevel)
- if requiredLevel > authorization.OneFactor {
- ctx.Logger.Warnf("%s requires more than 1FA, cannot be redirected to", targetURI)
+ if requiredLevel == authorization.TwoFactor {
+ ctx.Logger.Warnf("%s requires 2FA, cannot be redirected yet", targetURI)
 ctx.ReplyOK()
 return
 }
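Review bot: The switch from `>` to `== authorization.TwoFactor` in the guard means every level other than TwoFactor, including any level ordered above it (for example a deny level, if the authorization package defines one), now falls through to the code after this block, which is outside the hunk. That appears to be the intent stated in the commit message, but it makes the fall-through path security-relevant: it should be confirmed that it never treats such a target as authorized and that access is still enforced when the target itself is requested. I would record the intent next to the check, e.g. `// Only TwoFactor defers the redirect; every other level, including any above it, falls through to the code below.`, and add a test for a target whose required level is above TwoFactor. Handle1FAResponse starts and ends outside the hunk.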