2 files changed, 8 insertions, 0 deletions

diff --git a/src/routers/vault/middlewares/account.js b/src/routers/vault/middlewares/account.js
index 5a5fa85..93c6fc8 100644
--- a/src/routers/vault/middlewares/account.js
+++ b/src/routers/vault/middlewares/account.js
@@ -28,6 +28,7 @@ const update_account = async (req, res, next) => {
         primary:  +validate.get_prop(req, "primary"),
         allow:     validate.get_prop(req, "allow") === "true",
         strict:    validate.get_prop(req, "strict") === "true",
+        2fa:       validate.get_prop(req, "2fa") === "true",
     };
 
     const update_fields = {};
@@ -62,6 +63,10 @@ const update_account = async (req, res, next) => {
         // update allow non-primary
         update_fields.strictIPCheck = data.strict;
     }
+    if (session.allow2FA !== data.2fa) {
+        // update allow 2FA auth
+        update_fields.allow2FA = data.2fa;
+    }
 
     // update SQL
     if (Object.keys(update_fields).length) {
@@ -73,6 +78,7 @@ const update_account = async (req, res, next) => {
     // now update our cache
     session.allowNonPrimary = data.allow;
     session.strictIPCheck = data.strict;
+    session.allow2FA = data.allow2FA;
 
     for (const ident of session.identities) {
         if (ident.id === session.primaryIdentity.id) {
diff --git a/src/routers/vault/middlewares/session.js b/src/routers/vault/middlewares/session.js
index 71db21c..2c3b6b8 100644
--- a/src/routers/vault/middlewares/session.js
+++ b/src/routers/vault/middlewares/session.js
@@ -156,6 +156,7 @@ const auth_session = async (req, res) => {
         session.primaryIdentity = ident;
         session.allowNonPrimary = user.allowNonPrimary;
         session.strictIPCheck = user.strictIPCheck;
+        session.allow2FA = user.allow2FA;
         session.identities.push(ident);
     } else {
         if (session.identity !== session.primaryIdentity && !session.allowNonPrimary) {
@@ -351,6 +352,7 @@ const new_session = async (req, res, next) => {
             session.primaryIdentity = primary;
             session.allowNonPrimary = account.allowNonPrimary;
             session.strictIPCheck = account.strictIPCheck;
+            session.allow2FA = account.allow2FA;
             session.identity = identity;
             req.app.locals.session.set(uuid, session);