diff --git a/src/api/core/two_factor/mod.rs b/src/api/core/two_factor/mod.rs
index 74d5b1a288f..d2df703bb1b 100644
--- a/src/api/core/two_factor/mod.rs
+++ b/src/api/core/two_factor/mod.rs
@@ -210,13 +210,9 @@ pub async fn enforce_2fa_policy_for_org(
 conn: &mut DbConn,
 ) -> EmptyResult {
 let org = Organization::find_by_uuid(org_uuid, conn).await.unwrap();
- for member in UserOrganization::find_by_org(org_uuid, conn).await.into_iter() {
+ for member in UserOrganization::find_confirmed_by_org(org_uuid, conn).await.into_iter() {
 // Don't enforce the policy for Admins and Owners.
- // Invited users will get an error when they try to accept the invite.
- if member.atype < UserOrgType::Admin
- && member.status != UserOrgStatus::Invited as i32
- && TwoFactor::find_by_user(&member.user_uuid, conn).await.is_empty()
- {
+ if member.atype < UserOrgType::Admin && TwoFactor::find_by_user(&member.user_uuid, conn).await.is_empty() {
 if CONFIG.mail_enabled() {
 let user = User::find_by_uuid(&member.user_uuid, conn).await.unwrap();
 mail::send_2fa_removed_from_org(&user.email, &org.name).await?;
diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs
index 534dbce8ba9..aece84d88bf 100644
--- a/src/db/models/organization.rs
+++ b/src/db/models/organization.rs
@@ -665,6 +665,16 @@ impl UserOrganization {
 }}
 }
 
+ pub async fn find_confirmed_by_org(org_uuid: &str, conn: &mut DbConn) -> Vec {
+ db_run! { conn: {
+ users_organizations::table
+ .filter(users_organizations::org_uuid.eq(org_uuid))
+ .filter(users_organizations::status.eq(UserOrgStatus::Confirmed as i32))
+ .load::(conn)
+ .unwrap_or_default().from_db()
+ }}
+ }
+
 pub async fn count_by_org(org_uuid: &str, conn: &mut DbConn) -> i64 {
 db_run! { conn: {
 users_organizations::table
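Review bot: In `enforce_2fa_policy_for_org` (src/api/core/two_factor/mod.rs) the loop now visits only members returned by `find_confirmed_by_org`, so members in any other state, for instance accepted but not yet confirmed, are no longer checked here, whereas the removed condition skipped only `UserOrgStatus::Invited`. The removed comment said where invited users are caught, but nothing in the hunk says where the newly skipped members are checked. If the confirm path does not verify 2FA, a member without it could be confirmed after the policy is enabled. I would state the invariant on the loop, e.g. `// Only confirmed members are checked here; invited and accepted members must be checked for 2FA when they accept or are confirmed.`, and confirm that the accept/confirm handlers enforce it. The function body continues past the end of the hunk.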
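Review bot: `find_confirmed_by_org` (src/db/models/organization.rs) turns a failed query into an empty list through `.unwrap_or_default()`, and the caller in `enforce_2fa_policy_for_org` uses that list to decide who is checked, so on a database error the enforcement loop simply does not run and no member is examined. For a lookup that feeds policy enforcement I would surface the failure instead of defaulting, for example by returning a `Result` here and using `?` in the caller. At minimum, give this new public function the doc comment it lacks and record the behaviour there: `/// Confirmed members of the organization. A failed query yields an empty Vec, so callers cannot tell "no members" from "lookup failed".` The enclosing `impl UserOrganization` starts and ends outside the hunk.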