From 9f554aadd585e357c77a22733c82f381967cac1d Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Mon, 6 Jun 2016 16:29:52 -0400 Subject: [PATCH] Fix 2FA-based login for LDAP users The OTP input form is shared by both LDAP and standard logins, but when coming from an LDAP-based form, the form parameters aren't nested in a Hash based on the `resource_name` value. Now we check for a nested `remember_me` parameter and use that if it exists, or fall back to the non-nested parameters if it doesn't. Somewhat confusingly, the OTP input form _does_ nest parameters under the `resource_name`, regardless of what type of login we're coming from, so that allows everything else to work as normal. --- app/views/devise/sessions/two_factor.html.haml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/views/devise/sessions/two_factor.html.haml b/app/views/devise/sessions/two_factor.html.haml index 9d04db2c45e..a373f61bd3c 100644 --- a/app/views/devise/sessions/two_factor.html.haml +++ b/app/views/devise/sessions/two_factor.html.haml @@ -6,7 +6,8 @@ - if @user.two_factor_otp_enabled? %h5 Authenticate via Two-Factor App = form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f| - = f.hidden_field :remember_me, value: params[resource_name][:remember_me] + - resource_params = params[resource_name].presence || params + = f.hidden_field :remember_me, value: resource_params.fetch(:remember_me, 0) = f.text_field :otp_attempt, class: 'form-control', placeholder: 'Two-Factor Authentication code', required: true, autofocus: true, autocomplete: 'off' %p.help-block.hint Enter the code from the two-factor app on your mobile device. If you've lost your device, you may enter one of your recovery codes. .prepend-top-20