FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)

Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'. Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2025-05-23 13:31:18 +08:00 · 2018-12-11 13:19:00 +00:00
parent 285ff3bfbd
commit c7c56af397
5 changed files with 106 additions and 5 deletions
--- a/lib/middleware/omniauth_bypass_middleware.rb
+++ b/lib/middleware/omniauth_bypass_middleware.rb
@ -17,6 +17,12 @@ class Middleware::OmniauthBypassMiddleware
        authenticator.register_middleware(self)
      end
    end
+
+    @omniauth.before_request_phase do |env|
+      # If the user is trying to reconnect to an existing account, store in session
+      request = ActionDispatch::Request.new(env)
+      request.session[:auth_reconnect] = !!request.params["reconnect"]
+    end
  end

  def call(env)