From c87c55bb35f3c20b8a4116cf5298628f7339b042 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 20 Apr 2018 12:21:48 +0300
Subject: Add 2FA filter to users API for admins only

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 lib/api/users.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/api/users.rb b/lib/api/users.rb
index 3920171205f..14b8a796c8e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -77,7 +77,7 @@ module API
         authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)
 
         unless current_user&.admin?
-          params.except!(:created_after, :created_before, :order_by, :sort)
+          params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
         end
 
         users = UsersFinder.new(current_user, params).execute
-- 
cgit v1.2.1