From 182558136a149e20725285607a6b491f8727cea6 Mon Sep 17 00:00:00 2001 From: Abdullah Atta Date: Wed, 30 Apr 2025 11:48:50 +0500 Subject: [PATCH] identify: validate mfa methods against user's enabled methods --- .../Validation/CustomResourceOwnerValidator.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs b/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs index e87e4cd..6ae6e1b 100644 --- a/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs +++ b/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs @@ -84,7 +84,7 @@ namespace Streetwriters.Identity.Validation var mfaCode = context.Request.Raw["mfa:code"]; var mfaMethod = context.Request.Raw["mfa:method"]; - if (string.IsNullOrEmpty(mfaCode) || !MFAService.IsValidMFAMethod(mfaMethod)) + if (string.IsNullOrEmpty(mfaCode) || !MFAService.IsValidMFAMethod(mfaMethod, user)) { var sendPhoneNumber = primaryMethod == MFAMethods.SMS || secondaryMethod == MFAMethods.SMS;