FIX: store information about the login method in the database. (#28054)

Previously in these 2 PRs, we introduced a new site setting `SiteSetting.enforce_second_factor_on_external_auth`.

https://github.com/discourse/discourse/pull/27547
https://github.com/discourse/discourse/pull/27674

When disabled, it should enforce 2FA for local login with username and password and skip the requirement when authenticating with oauth2.

We stored information about the login method in a secure session but it is not reliable. Therefore, information about the login method is moved to the database.
This commit is contained in:
Krzysztof Kotlarek
2024-07-24 17:19:58 +10:00
committed by GitHub
parent 0c13c91f84
commit b64d01bc10
10 changed files with 33 additions and 23 deletions

@ -2010,6 +2010,7 @@ RSpec.describe SessionController do
expect(session[:current_user_id]).to eq(user.id)
expect(user.user_auth_tokens.count).to eq(1)
expect(user.user_auth_tokens.last.authenticated_with_oauth).to be false
unhashed_token = decrypt_auth_cookie(cookies[:_t])[:token]
expect(UserAuthToken.hash_token(unhashed_token)).to eq(
user.user_auth_tokens.first.auth_token,
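
Review bot: The `authenticated_with_oauth` assertion reads `user.user_auth_tokens.last`, while the hash check a few lines below reads `user.user_auth_tokens.first`. The two are the same row only because the preceding line asserts `count` is 1. Binding the token to a local once (for example `token = user.user_auth_tokens.last`) and using it in both expectations would make it explicit that the flag and the hashed token belong to the same record. This hunk only covers the local-login case (`be false`). Because the flag now decides whether 2FA is enforced when `enforce_second_factor_on_external_auth` is disabled, the OAuth path deserves a matching expectation of `be true`, if the other changed files do not already include one. It would also help to assert that a token created by password login never ends up with the flag set.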