diff options
author | Go MAEDA <maeda@farend.jp> | 2021-07-15 01:44:05 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2021-07-15 01:44:05 +0000 |
commit | 8f0d358533b97f02ce59896b9414fe31e88682d7 (patch) | |
tree | 3546c4955b36bb5858e67e9ea0f1d761521d9a4d /app/controllers | |
parent | 9fcf5af844ec223675cee32c2c52947be2f0669f (diff) | |
download | redmine-8f0d358533b97f02ce59896b9414fe31e88682d7.tar.gz redmine-8f0d358533b97f02ce59896b9414fe31e88682d7.zip |
User sessions not reset after 2FA activation (#35417).
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@21069 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/twofa_controller.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/twofa_controller.rb b/app/controllers/twofa_controller.rb index 058388907..87f65e826 100644 --- a/app/controllers/twofa_controller.rb +++ b/app/controllers/twofa_controller.rb @@ -47,6 +47,8 @@ class TwofaController < ApplicationController def activate if @twofa.confirm_pairing!(params[:twofa_code].to_s) + # The session token was destroyed by the twofa pairing, generate a new one + session[:tk] = @user.generate_session_token flash[:notice] = l('twofa_activated', bc_path: my_twofa_backup_codes_init_path) redirect_to my_account_path else |