-
Hi and thanks for creating this library. I am developing an app with both a After finalising all the website features, I decided to reset the database with After creating a new My My class RodauthApp < Rodauth::Rails::App
# primary configuration
configure RodauthMain
# secondary configuration
configure RodauthAdmin, :admin
route do |r|
rodauth.load_memory # autologin remembered users
r.rodauth # route rodauth requests
# ==> Authenticating requests
# Call `rodauth.require_account` for requests that you want to
# require authentication for. For example:
#
# # authenticate /dashboard/* and /account/* requests
# if r.path.start_with?("/dashboard") || r.path.start_with?("/account")
# rodauth.require_account
# end
# ==> Secondary configurations
r.rodauth(:admin) # route admin rodauth requests
if request.path.start_with?("/admin")
rodauth(:admin).require_account
end
# require MFA if the user is logged in and has MFA setup
if rodauth(:admin).uses_two_factor_authentication?
rodauth(:admin).require_two_factor_authenticated
end
end
end Did I miss a step somewhere? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 6 replies
-
Could you please post the full backtrace of the exception? It's not clear from the error message where it's coming from. |
Beta Was this translation helpful? Give feedback.
Thanks. As I suspected, the issue is in the fact that
#uses_two_factor_authentication?
method doesn't handle account record getting deleted while Rails session still has it logged in, which happened when you ranrake db:reset
.The quickest solution would be to also check for the presence of the account:
I will see if I can get a patch merged into Rodauth to make
#uses_two_factor_authentication?
handle this gracefully.