DEV: simplify logic (#8249)

Anonymous users are only possible if allow_anonymous_posting is true,
which means that 'user.is_anonymous' check implies that
allow_anonymous_posting is true.

app/assets/javascripts/discourse/routes/preferences-second-factor.js.es6

@@ -45,7 +45,7 @@ export default RestrictedUserRoute.extend({
       if (
         transition.targetName === "preferences.second-factor" ||
         !user ||
-        (settings.allow_anonymous_posting && user.is_anonymous) ||
+        user.is_anonymous ||
         user.second_factor_enabled ||
         (settings.enforce_second_factor === "staff" && !user.staff) ||
         settings.enforce_second_factor === "no"

app/controllers/application_controller.rb

@@ -734,7 +734,7 @@ class ApplicationController < ActionController::Base
     check_totp = current_user &&
       !request.format.json? &&
       !is_api? &&
-      !(SiteSetting.allow_anonymous_posting && current_user.anonymous?) &&
+      !current_user.anonymous? &&
       ((SiteSetting.enforce_second_factor == 'staff' && current_user.staff?) ||
         SiteSetting.enforce_second_factor == 'all') &&
       !current_user.totp_enabled?