From e68eab44b0c7dc1e8b914d761118117e7c0bdd68 Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Fri, 8 May 2020 20:23:13 +0200
Subject: [PATCH] allow user who has TOTP enabled to continue using the mobile
 app

---
 app/api/views/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index df5ed749..e85dd017 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -56,7 +56,9 @@ def auth_login():
     elif not user.activated:
         return jsonify(error="Account not activated"), 400
     elif user.fido_enabled():
-        return jsonify(error="Currently we don't support FIDO on mobile yet"), 403
+        # allow user who has TOTP enabled to continue using the mobile app
+        if not user.enable_otp:
+            return jsonify(error="Currently we don't support FIDO on mobile yet"), 403
 
     return jsonify(**auth_payload(user, device)), 200