fix(security): don't automatically sign in after reset password when 2FA is enabled

2023-10-27 11:39:33 +02:00 · 2023-10-27 11:39:33 +02:00 · 19ffb43686
commit 19ffb43686
parent 197866159c
1 changed files with 1 additions and 1 deletions
--- a/app/models/super_admin.rb
+++ b/app/models/super_admin.rb
@ -3,7 +3,7 @@ class SuperAdmin < ApplicationRecord

  devise :rememberable, :trackable, :validatable, :lockable, :recoverable
  if SUPER_ADMIN_OTP_ENABLED
-    devise :two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key
+    devise :two_factor_authenticatable, otp_secret_encryption_key: Rails.application.secrets.otp_secret_key, sign_in_after_reset_password: false
  else
    devise :database_authenticatable
  end