Do not let login message clobber MFA

This commit is contained in:
garrettmills 2020-08-12 22:13:46 -05:00
parent f1bd6e1ad4
commit c7f6172d56
No known key found for this signature in database
GPG Key ID: 6ACD58D6ADACFC6E

View File

@ -608,7 +608,7 @@ class AuthController extends Controller {
// If there are login messages, show those
const LoginMessage = this.models.get('LoginMessage')
const messages = await LoginMessage.for_user(user)
if ( messages.length > 0 ) {
if ( !req.trap.has_trap('mfa_challenge') && messages.length > 0 ) {
await req.trap.begin('login_message', { session_only: true })
}
@ -688,8 +688,18 @@ class AuthController extends Controller {
if ( is_valid ) {
if ( req.trap.has_trap('mfa_challenge') )
await req.trap.end()
// If there are login messages, show those
const LoginMessage = this.models.get('LoginMessage')
const messages = await LoginMessage.for_user(req.user)
if ( messages.length > 0 ) {
await req.trap.begin('login_message', { session_only: true })
}
next_destination = req.session.auth.flow || this.configs.get('auth.default_login_route')
delete req.session.auth.flow
if ( messages.length < 1 )
delete req.session.auth.flow
}
req.session.mfa_remember = true