From 202c383d8dc23ff3c0633fff99bd7da95397fe3a Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 9 May 2017 07:48:57 -0500
Subject: Fix MFA enforcement on login and page load (#6356)

---
 api4/user.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'api4/user.go')

diff --git a/api4/user.go b/api4/user.go
index 1436808cd..d06dd2882 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -41,8 +41,8 @@ func InitUser() {
 	BaseRoutes.Users.Handle("/email/verify/send", ApiHandler(sendVerificationEmail)).Methods("POST")
 
 	BaseRoutes.Users.Handle("/mfa", ApiHandler(checkUserMfa)).Methods("POST")
-	BaseRoutes.User.Handle("/mfa", ApiSessionRequired(updateUserMfa)).Methods("PUT")
-	BaseRoutes.User.Handle("/mfa/generate", ApiSessionRequired(generateMfaSecret)).Methods("POST")
+	BaseRoutes.User.Handle("/mfa", ApiSessionRequiredMfa(updateUserMfa)).Methods("PUT")
+	BaseRoutes.User.Handle("/mfa/generate", ApiSessionRequiredMfa(generateMfaSecret)).Methods("POST")
 
 	BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
 	BaseRoutes.Users.Handle("/login/switch", ApiHandler(switchAccountType)).Methods("POST")
-- 
cgit v1.2.3-1-g7c22