discourse/app/services/user_authenticator.rb
Krzysztof Kotlarek b90b56f953
FIX: do not enforce 2fa when an account is created with OAuth (#28625)
In this PR we introduced a new setting, `enforce_second_factor_on_external_auth`, which disables 2FA enforcement when the user is authenticated with an external provider.

https://github.com/discourse/discourse/pull/27506

However, with the first registration with an external provider, we authenticate the user right after activation. In that case, we need to also keep information that the user was authenticated with an external OAuth provider.
2024-08-29 11:19:04 +10:00


# frozen_string_literal: true
# Drives the account-creation side of authentication for a single user:
# decides whether the data an external provider left in the session is
# enough to activate the account without a password, and tidies the
# session up afterwards.
class UserAuthenticator
  # @param user [Object] the user record being created; must respond to
  #   +email+, +active=+, +password_required!+, +skip_email_validation=+
  #   and +activate+
  # @param session [#dig, #[], #[]=, nil] the request session; may be nil
  # @param authenticator_finder [#find_authenticator] resolves an
  #   authenticator from its name
  # @param require_password [Boolean] whether a password is demanded when
  #   the external authentication does not hold up
  def initialize(
    user,
    session,
    authenticator_finder: Users::OmniauthCallbacksController,
    require_password: true
  )
    @user = user
    @session = session
    @authenticator_finder = authenticator_finder
    @require_password = require_password

    # Only a Hash payload is turned back into an Auth::Result; any other
    # value stored under :authentication is ignored here.
    stored = session&.dig(:authentication)
    @auth_result = Auth::Result.from_session_data(stored, user: user) if stored.is_a?(Hash)
  end

  # Prepares the user before it is saved. A user backed by a matching,
  # provider-verified email is marked active and receives the provider's
  # attributes; otherwise a password is required (when configured so).
  def start
    if authenticated?
      @user.active = true
      @auth_result.apply_user_attributes!
    else
      @user.password_required! if @require_password
    end

    @user.skip_email_validation = true if @auth_result&.skip_email_validation
  end

  # @return [Boolean] true when the auth result names an authenticator that
  #   the finder can resolve
  def has_authenticator?
    authenticator ? true : false
  end

  # Runs the authenticator's post-creation hook, activates the user when
  # the external authentication checks out, then clears the session data.
  def finish
    handler = authenticator
    if handler
      handler.after_create_account(@user, @auth_result)
      confirm_email
    end

    return unless @session&.dig(:authentication)

    @auth_result = nil
    @session[:authentication] = nil
    # NOTE(review): this flag is raised whenever the session carried
    # :authentication data; authenticated? is not consulted at this point.
    # Per the accompanying commit message the flag feeds the
    # `enforce_second_factor_on_external_auth` decision, so confirm that
    # setting it when the provider email did not match the user's, or was
    # not verified, is intended.
    @session[:authenticated_with_oauth] = true
  end

  # @return [Object, nil] the provider's email_valid value, or nil when
  #   there is no auth result
  def email_valid?
    @auth_result&.email_valid
  end

  # The security gate for password-less activation: the provider must have
  # supplied an email equal to the user's (compared after downcasing both)
  # and must have flagged that email as valid.
  #
  # @return [Boolean]
  def authenticated?
    return false unless @auth_result

    provider_email = @auth_result.email&.downcase
    return false unless provider_email == @user.email.downcase

    @auth_result.email_valid ? true : false
  end

  private

  # Activates the user only when the external authentication is trusted.
  def confirm_email
    @user.activate if authenticated?
  end

  # Memoised lookup of the authenticator named by the auth result; nil once
  # the auth result (and therefore its name) is gone.
  def authenticator
    name = authenticator_name
    return unless name

    @authenticator ||= @authenticator_finder.find_authenticator(name)
  end

  # @return [Object, nil] the authenticator name from the auth result
  def authenticator_name
    @auth_result&.authenticator_name
  end
end