Delete correct key from `session` after authenticating using U2F

8bfae74e · Douwe Maan · 86f5a4aa · 8bfae74e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

app/controllers/concerns/authenticates_with_two_factor.rb app/controllers/concerns/authenticates_with_two_factor.rb +1 -1

未找到文件。
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -69,7 +69,7 @@ module AuthenticatesWithTwoFactor
    if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge])
      # Remove any lingering user data from login
      session.delete(:otp_user_id)
-      session.delete(:challenges)
+      session.delete(:challenge)

      remember_me(user) if user_params[:remember_me] == '1'
      sign_in(user)