Add FirefoxAccounts social connection type to the possible matches, same

level as GitHub (2FA enforcement available)
mozilla-iam · Mar 29, 2018 · 0ab76ed · 0ab76ed
1 parent e7b8bac
commit 0ab76ed
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/rules/Force-MFA-setup-for-social-logins.js b/rules/Force-MFA-setup-for-social-logins.js
@@ -3,7 +3,7 @@ function (user, context, callback) {
     // Force MFA for GitHub logins
     console.log('GitHub user not allowed to log in because 2FA was disabled on the account: '+user.user_id);
     return callback(null, user, global.postError('githubrequiremfa', context));
-  } else if ((context.connection === 'github') && (!user.fxa_twoFactorAuthentication)) {
+  } else if ((context.connection === 'firefoxaccounts') && (!user.fxa_twoFactorAuthentication)) {
     // Force MFA for Firefox Accounts (FxA) logins
     // Note FxA also provides the standard amrValues which can be used to specify which 2FA we want to allow.
     // Right now we trust FxA to make this choice for us (which is, require TOTP for user.fxa_twoFactorAuthentication to

diff --git a/rules/force-users-login-most-secure-method.js b/rules/force-users-login-most-secure-method.js
@@ -48,6 +48,7 @@ var WHITELIST = ['HvN5D3R64YNNhvcHKuMKny1O0KJZOOwH', // mozillians.org account v
   // Lower is better
   var matchOrder = {'ad': 0,
                     'github': 1,
+                    'firefoxaccounts': 1,
                     'google-oauth2': 2,
                     'email': 3
                    };