fix(auth): use explicit user_uid in login flow instead of context.user()
The login function calls auth_2fa_status before set_user(user.uid), so context.user() returns None and raises an Unauthorized error on subsequent logins after logout. Extracts auth_2fa_status_by_uid as an internal helper accepting a Uuid, preserving the context-based wrapper for API endpoints that require an authenticated user.
This commit is contained in:
parent
2a2600859f
commit
b693bd6beb
@ -60,7 +60,7 @@ impl AppService {
|
||||
return Err(AppError::InvalidTwoFactorCode);
|
||||
}
|
||||
}
|
||||
} else if !self.auth_2fa_status(&context).await?.is_enabled {
|
||||
} else if !self.auth_2fa_status_by_uid(user.uid).await?.is_enabled {
|
||||
let user_uid = user.uid;
|
||||
let mut rng = rand::rng();
|
||||
let mut sha = sha1::Sha1::default();
|
||||
|
||||
@ -216,12 +216,11 @@ impl AppService {
|
||||
Ok(false)
|
||||
}
|
||||
|
||||
pub async fn auth_2fa_status(
|
||||
/// Look up 2FA status by explicit user_uid. Used in login flow where session.user is not set yet.
|
||||
pub async fn auth_2fa_status_by_uid(
|
||||
&self,
|
||||
context: &Session,
|
||||
user_uid: Uuid,
|
||||
) -> Result<Get2FAStatusResponse, AppError> {
|
||||
let user_uid = context.user().ok_or(AppError::Unauthorized)?;
|
||||
|
||||
let two_fa = user_2fa::Entity::find_by_id(user_uid).one(&self.db).await?;
|
||||
|
||||
match two_fa {
|
||||
@ -242,6 +241,15 @@ impl AppService {
|
||||
}
|
||||
}
|
||||
|
||||
/// Look up 2FA status from session context (requires authenticated user).
|
||||
pub async fn auth_2fa_status(
|
||||
&self,
|
||||
context: &Session,
|
||||
) -> Result<Get2FAStatusResponse, AppError> {
|
||||
let user_uid = context.user().ok_or(AppError::Unauthorized)?;
|
||||
self.auth_2fa_status_by_uid(user_uid).await
|
||||
}
|
||||
|
||||
pub async fn auth_2fa_verify_login(
|
||||
&self,
|
||||
context: &Session,
|
||||
|
||||
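Review bot: `auth_2fa_status_by_uid` is declared `pub async fn` even though the commit describes it as an internal helper; unlike `auth_2fa_status`, it performs no `context.user()` check, so any code holding an `AppService` can read the 2FA status of an arbitrary account by Uuid without an authenticated session. If the only intended caller is the login flow in this file, narrow it to `pub(crate) async fn auth_2fa_status_by_uid(` or make it private, and state the contract in its doc comment: `/// Performs no session or authorization check; the caller must already have verified the user's credentials.` The existing doc line also refers to `session.user` while the code reads `context.user()`, so aligning the wording would help. The bodies of `login` and `auth_2fa_status_by_uid` continue outside the hunks shown.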