diff --git a/src/main/java/net/siegeln/cameleer/saas/config/MfaEnforcementFilter.java b/src/main/java/net/siegeln/cameleer/saas/config/MfaEnforcementFilter.java index 7e62c69..3b6cc07 100644 --- a/src/main/java/net/siegeln/cameleer/saas/config/MfaEnforcementFilter.java +++ b/src/main/java/net/siegeln/cameleer/saas/config/MfaEnforcementFilter.java @@ -26,6 +26,9 @@ public class MfaEnforcementFilter extends OncePerRequestFilter { private static final Logger log = LoggerFactory.getLogger(MfaEnforcementFilter.class); private static final Set EXEMPT_PREFIXES = Set.of( "/api/tenant/mfa/", + "/api/account/mfa/", + "/api/account/profile", + "/api/account/password", "/api/config", "/api/me", "/api/onboarding", diff --git a/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java b/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java index c40cacb..298ffc0 100644 --- a/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java +++ b/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java @@ -45,10 +45,11 @@ public class SecurityConfig { .requestMatchers("/actuator/health").permitAll() .requestMatchers("/api/config").permitAll() .requestMatchers("/", "/index.html", "/login", "/register", "/callback", - "/vendor/**", "/tenant/**", "/onboarding", + "/vendor/**", "/tenant/**", "/onboarding", "/settings/**", "/environments/**", "/license", "/admin/**").permitAll() .requestMatchers("/_app/**", "/assets/**", "/favicon.ico", "/favicon.svg", "/logo.svg", "/logo-dark.svg").permitAll() .requestMatchers("/api/password-reset-notification").permitAll() + .requestMatchers("/api/account/**").authenticated() .requestMatchers("/api/onboarding/**").authenticated() .requestMatchers("/api/vendor/**").hasAuthority("SCOPE_platform:admin") .requestMatchers("/api/tenant/**").authenticated()