Commit 5602dc44 authored by Benjamin Neff's avatar Benjamin Neff

Use username parameter first if present

this makes sure we don't use an old otp_user_id from an old session

closes #8031
parent 88e35d3f
......@@ -5,6 +5,7 @@
## Bug fixes
* Improve handling of mixed case hostnames while fetching OpenGraph data [#8021](https://github.com/diaspora/diaspora/pull/8021)
* Fix "remember me" with two factor authentication enabled [#8031](https://github.com/diaspora/diaspora/pull/8031)
## Features
* Add line mentioning diaspora\* on the splash page [#7966](https://github.com/diaspora/diaspora/pull/7966)
......
......@@ -12,9 +12,9 @@ class SessionsController < Devise::SessionsController
# rubocop:enable Rails/LexicallyScopedActionFilter
def find_user
return User.find(session[:otp_user_id]) if session[:otp_user_id]
return User.find_for_authentication(username: params[:user][:username]) if params[:user][:username]
User.find_for_authentication(username: params[:user][:username]) if params[:user][:username]
User.find(session[:otp_user_id]) if session[:otp_user_id]
end
def authenticate_with_2fa
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment