From a1f04c1e3497e9dff5970038461d9f454f2650df Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 24 Sep 2019 04:35:36 +0200
Subject: Fix authentication before 2FA challenge (#11943)

Regression from #11831
---
 config/initializers/devise.rb | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'config/initializers/devise.rb')

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 311583820..fd9a5a8b9 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -71,13 +71,10 @@ end
 
 Devise.setup do |config|
   config.warden do |manager|
-    manager.default_strategies(scope: :user).unshift :database_authenticatable
-    manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication
-    manager.default_strategies(scope: :user).unshift :pam_authenticatable  if Devise.pam_authentication
-
-    # We handle 2FA in our own sessions controller so this gets in the way
-    manager.default_strategies(scope: :user).delete :two_factor_backupable
-    manager.default_strategies(scope: :user).delete :two_factor_authenticatable
+    manager.default_strategies(scope: :user).unshift :two_factor_ldap_authenticatable if Devise.ldap_authentication
+    manager.default_strategies(scope: :user).unshift :two_factor_pam_authenticatable  if Devise.pam_authentication
+    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
+    manager.default_strategies(scope: :user).unshift :two_factor_backupable
   end
 
   # The secret key used by Devise. Devise uses this key to generate
-- 
cgit