mirror of
https://github.com/discourse/discourse.git
synced 2025-05-29 00:14:17 +08:00
FIX: store information about the login method in the database. (#28054)
Previously in these 2 PRs, we introduced a new site setting `SiteSetting.enforce_second_factor_on_external_auth`. https://github.com/discourse/discourse/pull/27547 https://github.com/discourse/discourse/pull/27674 When disabled, it should enforce 2FA for local login with username and password and skip the requirement when authenticating with oauth2. We stored information about the login method in a secure session but it is not reliable. Therefore, information about the login method is moved to the database.
This commit is contained in:

committed by
GitHub

parent
0c13c91f84
commit
b64d01bc10
@ -2010,6 +2010,7 @@ RSpec.describe SessionController do
|
||||
|
||||
expect(session[:current_user_id]).to eq(user.id)
|
||||
expect(user.user_auth_tokens.count).to eq(1)
|
||||
expect(user.user_auth_tokens.last.authenticated_with_oauth).to be false
|
||||
unhashed_token = decrypt_auth_cookie(cookies[:_t])[:token]
|
||||
expect(UserAuthToken.hash_token(unhashed_token)).to eq(
|
||||
user.user_auth_tokens.first.auth_token,
|
||||
|
Reference in New Issue
Block a user