From 202c383d8dc23ff3c0633fff99bd7da95397fe3a Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Tue, 9 May 2017 07:48:57 -0500
Subject: Fix MFA enforcement on login and page load (#6356)
---
 api4/context.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'api4/context.go')
diff --git a/api4/context.go b/api4/context.go
index 32db0ed7d..37af2c6d4 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -271,9 +271,13 @@ func (c *Context) MfaRequired() {
 return
 }
+ // Special case to let user get themself
+ if c.Path == "/api/v4/users/me" {
+ return
+ }
+
 if !user.MfaActive {
- c.Err = model.NewLocAppError("", "api.context.mfa_required.app_error", nil, "MfaRequired")
- c.Err.StatusCode = http.StatusUnauthorized
+ c.Err = model.NewAppError("", "api.context.mfa_required.app_error", nil, "MfaRequired", http.StatusForbidden)
 return
 }
 }
-- cgit v1.2.3-1-g7c22
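Review bot: The new exemption `if c.Path == "/api/v4/users/me"` matches on the path alone, so every HTTP method routed at that path skips the MFA check, while the comment says the intent is only to let the user get themself. If update or deactivate handlers are also reachable at `/users/me` (not visible in this hunk), a user who has not enrolled in MFA could still call them; the guard should also require the read method, for example by making the request method available to the check and comparing it with `http.MethodGet`. The exact string comparison itself fails closed, since any path variant that does not match still falls through to the `!user.MfaActive` test. The start of MfaRequired is outside the hunk, so whether the method is already reachable from the context cannot be confirmed from here.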