Task "users:disable_2fa" does not disable security keys

If the user has security keys, they are not deleted, so the user still can’t log in.

Unless UserSecondFactor is broken somehow, which seems unlikely, the security keys also need to be deleted, something like this:

UserSecurityKey.where(user_id: user.id).destroy_all

Sure seems like a reasonable improvement to the task, can you send a PR?

1 Like

If it were just just one line I’d have done it already, but I’ll really need to create a test or two, which is more daunting (and 4 the work!)

But maybe I can be a big boy.

Just one test that creates a 2fa key and then makes sure it gets cleared? And I guess there’s coffee to create a dummy key in the 2fa code somewhere?


Well, it doesn’t seem that there are any specs for this take task, so it’s just the single line:

1 Like

This topic was automatically closed after 4 days. New replies are no longer allowed.