6 лет назад · 3e983d3bfa
--- a/api/config/default.php
+++ b/api/config/default.php
@@ -241,5 +241,6 @@ return array(
 
				 	'homepagePlexRecentlyAddedMethod' => 'legacy',
			
 
				 	'authProxyEnabled' => false,
			
 
				 	'authProxyHeaderName' => '',
			
 
				-	'authProxyWhitelist' => ''
			
 
				+	'authProxyWhitelist' => '',
			
 
				+	'ignoreTFALocal' => false
			
 
				 );
			
--- a/api/functions/api-functions.php
+++ b/api/functions/api-functions.php
@@ -188,15 +188,22 @@ function login($array)
 
				 				}
			
 
				 				// 2FA might go here
			
 
				 				if ($result['auth_service'] !== 'internal' && strpos($result['auth_service'], '::') !== false) {
			
 
				-					$TFA = explode('::', $result['auth_service']);
			
 
				-					// Is code with login info?
			
 
				-					if ($tfaCode == '') {
			
 
				-						return '2FA';
			
 
				-					} else {
			
 
				-						if (!verify2FA($TFA[1], $tfaCode, $TFA[0])) {
			
 
				-							writeLoginLog($username, 'error');
			
 
				-							writeLog('error', 'Login Function - Wrong 2FA', $username);
			
 
				-							return '2FA-incorrect';
			
 
				+					$tfaProceed = true;
			
 
				+					// Add check for local or not
			
 
				+					if($GLOBALS['ignoreTFALocal'] !== false) {
			
 
				+						$tfaProceed = (isLocal()) ? false : true;
			
 
				+					}
			
 
				+					if($tfaProceed) {
			
 
				+						$TFA = explode('::', $result['auth_service']);
			
 
				+						// Is code with login info?
			
 
				+						if ($tfaCode == '') {
			
 
				+							return '2FA';
			
 
				+						} else {
			
 
				+							if (!verify2FA($TFA[1], $tfaCode, $TFA[0])) {
			
 
				+								writeLoginLog($username, 'error');
			
 
				+								writeLog('error', 'Login Function - Wrong 2FA', $username);
			
 
				+								return '2FA-incorrect';
			
 
				+							}
			
 
				 						}
			
 
				 					}
			
 
				 				}
			
--- a/api/functions/organizr-functions.php
+++ b/api/functions/organizr-functions.php
@@ -604,6 +604,13 @@ function getSettingsMain()
 
				 				'value' => $GLOBALS['plexStrictFriends'],
			
 
				 				'help' => 'Enabling this will only allow Friends that have shares to the Machine ID entered above to login, Having this disabled will allow all Friends on your Friends list to login'
			
 
				 			),
			
 
				+			array(
			
 
				+				'type' => 'switch',
			
 
				+				'name' => 'ignoreTFALocal',
			
 
				+				'label' => 'Ignore External 2FA on Local Subnet',
			
 
				+				'value' => $GLOBALS['ignoreTFALocal'],
			
 
				+				'help' => 'Enabling this will bypass external 2FA security if user is on local Subnet'
			
 
				+			),
			
 
				 			array(
			
 
				 				'type' => 'input',
			
 
				 				'name' => 'authBackendHost',