From aed196c542258b9a22e644068dbd2826fc47c4b5 Mon Sep 17 00:00:00 2001
From: HDVinnie <hdinnovations@protonmail.com>
Date: Wed, 17 Nov 2021 09:24:27 -0500
Subject: [PATCH] security: improper authorization

- huntr
- 2FA bypass in chat functions due to missing middleware
---
 routes/vue.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/vue.php b/routes/vue.php
index 97bd30cba4..d784e4865e 100644
--- a/routes/vue.php
+++ b/routes/vue.php
@@ -20,7 +20,7 @@
 |--------------------------------------------------------------------------
 */
 
-Route::group(['middleware' => ['auth', 'banned']], function () {
+Route::group(['middleware' => ['auth', 'twostep', 'banned']], function () {
     Route::prefix('chat')->group(function () {
         Route::get('/config', [App\Http\Controllers\API\ChatController::class, 'config']);