From fd518b533cc97d96327f2d6d26890d11916a5345 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Tue, 23 Nov 2021 11:25:27 +0100
Subject: [PATCH] auth: fix re-auth 2FA error message not showing up

There was a confusing error message instead:

    [403] Access token does not have sufficient scope

Which just meant the access token was used without completing 2FA.
---
 auth/auth.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/auth/auth.go b/auth/auth.go
index 2c2dd15..1cff199 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -119,14 +119,14 @@ func authenticate(c *protonmail.Client, cachedAuth *CachedAuth, username string)
 			return nil, fmt.Errorf("cannot re-authenticate: failed to get auth info: %v", err)
 		}
 
-		if cachedAuth.TwoFactor.Enabled == 1 {
-			return nil, fmt.Errorf("cannot re-authenticate: two factor authentication enabled, please login manually")
-		}
-
 		auth, err = c.Auth(username, cachedAuth.LoginPassword, authInfo)
 		if err != nil {
 			return nil, fmt.Errorf("cannot re-authenticate: %v", err)
 		}
+
+		if auth.TwoFactor.Enabled == 1 {
+			return nil, fmt.Errorf("cannot re-authenticate: two factor authentication enabled, please login again manually")
+		}
 	} else if err != nil {
 		return nil, err
 	}