From c707ef49d9b13932f4d98c127ec3148a5cdc3479 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 15 Sep 2019 21:08:39 +0200
Subject: Fix 2FA challenge and password challenge for non-database users
 (#11831)

* Fix 2FA challenge not appearing for non-database users

Fix #11685

* Fix account deletion not working when using external login

Fix #11691
---
 config/initializers/devise.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'config/initializers/devise.rb')

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index cd9bacf68..311583820 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -71,10 +71,13 @@ end
 
 Devise.setup do |config|
   config.warden do |manager|
+    manager.default_strategies(scope: :user).unshift :database_authenticatable
     manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication
     manager.default_strategies(scope: :user).unshift :pam_authenticatable  if Devise.pam_authentication
-    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
-    manager.default_strategies(scope: :user).unshift :two_factor_backupable
+
+    # We handle 2FA in our own sessions controller so this gets in the way
+    manager.default_strategies(scope: :user).delete :two_factor_backupable
+    manager.default_strategies(scope: :user).delete :two_factor_authenticatable
   end
 
   # The secret key used by Devise. Devise uses this key to generate
-- 
cgit