feat(core): Allow enforcement of MFA usage on instance (#16556)

Co-authored-by: Marc Littlemore <marc@n8n.io> Co-authored-by: Csaba Tuncsik <csaba.tuncsik@gmail.com>
2025-12-18 02:21:13 +00:00 · 2025-07-02 11:03:10 +02:00
parent 060acd2db8
commit 657e5a3b3a
56 changed files with 619 additions and 88 deletions
--- a/packages/@n8n/decorators/src/controller/route.ts
+++ b/packages/@n8n/decorators/src/controller/route.ts
@@ -9,6 +9,8 @@ interface RouteOptions {
 	usesTemplates?: boolean;
 	/** When this flag is set to true, auth cookie isn't validated, and req.user will not be set */
 	skipAuth?: boolean;
+	/** When this flag is set to true, the auth cookie does not enforce MFA to be used in the token */
+	allowSkipMFA?: boolean;
 	/** When these options are set, calls to this endpoint are rate limited using the options */
 	rateLimit?: boolean | RateLimit;
 }
@@ -26,6 +28,7 @@ const RouteFactory =
 		routeMetadata.middlewares = options.middlewares ?? [];
 		routeMetadata.usesTemplates = options.usesTemplates ?? false;
 		routeMetadata.skipAuth = options.skipAuth ?? false;
+		routeMetadata.allowSkipMFA = options.allowSkipMFA ?? false;
 		routeMetadata.rateLimit = options.rateLimit;
 	};

--- a/packages/@n8n/decorators/src/controller/types.ts
+++ b/packages/@n8n/decorators/src/controller/types.ts
@@ -33,6 +33,7 @@ export interface RouteMetadata {
 	middlewares: RequestHandler[];
 	usesTemplates: boolean;
 	skipAuth: boolean;
+	allowSkipMFA: boolean;
 	rateLimit?: boolean | RateLimit;
 	licenseFeature?: BooleanLicenseFeature;
 	accessScope?: AccessScope;