From ff9345fbb0bff0eb72c4a68de6a70a01b0525b80 Mon Sep 17 00:00:00 2001 From: Bianca Nenciu Date: Tue, 29 Oct 2019 12:10:27 +0200 Subject: [PATCH] DEV: simplify logic (#8249) Anonymous users are only possible if allow_anonymous_posting is true, which means that 'user.is_anonymous' check implies that allow_anonymous_posting is true. --- .../discourse/routes/preferences-second-factor.js.es6 | 2 +- app/controllers/application_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/discourse/routes/preferences-second-factor.js.es6 b/app/assets/javascripts/discourse/routes/preferences-second-factor.js.es6 index 763460bc239..cae63a67073 100644 --- a/app/assets/javascripts/discourse/routes/preferences-second-factor.js.es6 +++ b/app/assets/javascripts/discourse/routes/preferences-second-factor.js.es6 @@ -45,7 +45,7 @@ export default RestrictedUserRoute.extend({ if ( transition.targetName === "preferences.second-factor" || !user || - (settings.allow_anonymous_posting && user.is_anonymous) || + user.is_anonymous || user.second_factor_enabled || (settings.enforce_second_factor === "staff" && !user.staff) || settings.enforce_second_factor === "no" diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 26a1bdf1757..1cd6bd39e50 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -734,7 +734,7 @@ class ApplicationController < ActionController::Base check_totp = current_user && !request.format.json? && !is_api? && - !(SiteSetting.allow_anonymous_posting && current_user.anonymous?) && + !current_user.anonymous? && ((SiteSetting.enforce_second_factor == 'staff' && current_user.staff?) || SiteSetting.enforce_second_factor == 'all') && !current_user.totp_enabled?