From fabe476397b7c54996f12b7595555cbdd1269dea Mon Sep 17 00:00:00 2001 From: Kian Cross Date: Fri, 29 Dec 2023 16:02:23 +0100 Subject: [PATCH] Fix redirect loop caused when both 2fa and password change are forced (#3787) --- src/pretix/control/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pretix/control/middleware.py b/src/pretix/control/middleware.py index b5d995c28..d40a27f3a 100644 --- a/src/pretix/control/middleware.py +++ b/src/pretix/control/middleware.py @@ -139,7 +139,7 @@ class PermissionMiddleware: return redirect_to_url(reverse('control:user.settings') + '?next=' + quote(request.get_full_path())) if not request.user.require_2fa and settings.PRETIX_OBLIGATORY_2FA \ - and url_name not in self.EXCEPTIONS_2FA: + and url_name not in self.EXCEPTIONS_2FA and not request.user.needs_password_change: return redirect_to_url(reverse('control:user.settings.2fa')) if 'event' in url.kwargs and 'organizer' in url.kwargs: