From 771cbc0888c521e2d4aae2a6e5ec24f7c3c2eecc Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Tue, 26 Mar 2024 21:50:37 +0100
Subject: [PATCH] Fix issue for unauthenticated users

---
 src/data/force_2fa_auth.rs | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/data/force_2fa_auth.rs b/src/data/force_2fa_auth.rs
index c419d55..0d27770 100644
--- a/src/data/force_2fa_auth.rs
+++ b/src/data/force_2fa_auth.rs
@@ -1,4 +1,6 @@
 use crate::data::current_user::CurrentUser;
+use crate::data::session_identity::SessionIdentity;
+use actix_identity::Identity;
 use actix_web::dev::Payload;
 use actix_web::{web, Error, FromRequest, HttpRequest};
 use std::future::Future;
@@ -18,14 +20,19 @@ impl FromRequest for Force2FAAuth {
     type Error = Error;
     type Future = Pin<Box<dyn Future<Output = Result<Self, Self::Error>>>>;
 
-    fn from_request(req: &HttpRequest, payload: &mut Payload) -> Self::Future {
+    fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
         let req = req.clone();
 
-        let query = web::Query::<Force2FAAuthQuery>::from_request(&req, payload)
-            .into_inner()
-            .unwrap();
-
         Box::pin(async move {
+            // It is impossible to force authentication for an unauthenticated user
+            let identity: Option<&Identity> = req.conn_data();
+            if !SessionIdentity(identity).is_authenticated() {
+                return Ok(Self { force: false });
+            }
+
+            let query = web::Query::<Force2FAAuthQuery>::from_request(&req, &mut Payload::None)
+                .into_inner()?;
+
             let user = CurrentUser::from_request(&req, &mut Payload::None).await?;
 
             Ok(Self {