[Web] Allow force_tfa for LDAP and Keycloak users

2026-03-14 02:31:23 +00:00 · 2026-03-13 14:13:25 +01:00
parent 7817dda43f
commit ed9264fd2a
1 changed files with 4 additions and 0 deletions
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1115,6 +1115,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $attribute_hash = (!empty($_data['attribute_hash'])) ? $_data['attribute_hash'] : '';
          if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){
            $force_pw_update = 0;
+          }
+          if ($authsource == 'generic-oidc'){
            $force_tfa = 0;
          }
          $mailbox_attrs = json_encode(
@@ -3126,6 +3128,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              }
              if (in_array($authsource, array('keycloak', 'generic-oidc', 'ldap'))){
                $force_pw_update = 0;
+              }
+              if ($authsource == 'generic-oidc'){
                $force_tfa = 0;
              }
              $pw_recovery_email    = (isset($_data['pw_recovery_email']) && $authsource == 'mailcow') ? $_data['pw_recovery_email'] : $is_now['attributes']['recovery_email'];