authorGo MAEDA <maeda@farend.jp>2021-07-15 01:44:05 +0000
committerGo MAEDA <maeda@farend.jp>2021-07-15 01:44:05 +0000
commit8f0d358533b97f02ce59896b9414fe31e88682d7 (patch)
tree3546c4955b36bb5858e67e9ea0f1d761521d9a4d /app/controllers
parent9fcf5af844ec223675cee32c2c52947be2f0669f (diff)
User sessions not reset after 2FA activation (#35417).
Patch by Felix Schäfer. git-svn-id: http://svn.redmine.org/redmine/trunk@21069 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/twofa_controller.rb2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/twofa_controller.rb b/app/controllers/twofa_controller.rb
index 058388907..87f65e826 100644
--- a/app/controllers/twofa_controller.rb
+++ b/app/controllers/twofa_controller.rb
@@ -47,6 +47,8 @@ class TwofaController < ApplicationController
def activate
if @twofa.confirm_pairing!(params[:twofa_code].to_s)
+ # The session token was destroyed by the twofa pairing, generate a new one
+ session[:tk] = @user.generate_session_token
flash[:notice] = l('twofa_activated', bc_path: my_twofa_backup_codes_init_path)
redirect_to my_account_path
else