Fix 2FA challenge and password challenge for non-database users (#11831)

* Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691
2019-09-15 21:08:39 +02:00 · 2019-09-15 21:08:39 +02:00 · c707ef49d9
commit c707ef49d9
parent 1511638975
7 changed files with 66 additions and 61 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -71,10 +71,13 @@ end

 Devise.setup do |config|
  config.warden do |manager|
+    manager.default_strategies(scope: :user).unshift :database_authenticatable
    manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication
    manager.default_strategies(scope: :user).unshift :pam_authenticatable  if Devise.pam_authentication
-    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
-    manager.default_strategies(scope: :user).unshift :two_factor_backupable
+
+    # We handle 2FA in our own sessions controller so this gets in the way
+    manager.default_strategies(scope: :user).delete :two_factor_backupable
+    manager.default_strategies(scope: :user).delete :two_factor_authenticatable
  end

  # The secret key used by Devise. Devise uses this key to generate
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -632,8 +632,9 @@ en:
      x_months: "%{count}mo"
      x_seconds: "%{count}s"
  deletes:
-    bad_password_msg: The password you entered was incorrect
+    challenge_not_passed: The information you entered was not correct
    confirm_password: Enter your current password to verify your identity
+    confirm_username: Enter your username to confirm the procedure
    proceed: Delete account
    success_msg: Your account was successfully deleted
    warning: