Check user session before displaying two factor seed

Two factor seed page was not properly checking for user session, allowing an authenticated user to see everyone's 2fa seed
2022-09-16 17:14:53 +02:00
parent 66ba1e18bb
commit 24d5d5744f
2 changed files with 5 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -31,6 +31,7 @@ There's a change in flash messages handling, please see #391
 - Enh #458: Multiple 2FA channels (email, sms) (acordeddu)
 - Fix #432: Fix documentation overlap by shortening page names (cgsmith)
 - Enh #472: implement module viewPath in all views instead of static file reference (tonisormisson)
+- Fix: check user before accessing 2FA code

 ## 1.5.1 April 5, 2020