Remove exception for MFA

CartoDB · Apr 30, 2020 · 6442784 · 6442784
1 parent 82f7c8a
commit 6442784
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 16 deletions.
diff --git a/lib/carto/authentication_manager.rb b/lib/carto/authentication_manager.rb
@@ -15,10 +15,7 @@ def self.session_security_token_valid?(warden_context, user)
 
       return false unless session.key?(:sec_token)
 
-      if session[:sec_token] != user.security_token
-        user.user_multifactor_auths.any? ? (return false) : (raise Carto::ExpiredSessionError)
-      end
-
+      raise Carto::ExpiredSessionError if session[:sec_token] != user.security_token
       true
     rescue Warden::NotAuthenticated
       false

diff --git a/spec/lib/carto/authentication_manager_spec.rb b/spec/lib/carto/authentication_manager_spec.rb
@@ -45,18 +45,6 @@ module Carto
 
         it { should be_false }
       end
-
-      context "when security token does not match but using multifactor authentication" do
-        let(:session) { { sec_token: 'old-security-token' } }
-
-        before do
-          create(:totp, :active, user_id: user.id)
-          request.expects(:reset_session)
-          warden_context.expects(:session).returns(session)
-        end
-
-        it { should be_false }
-      end
     end
 
   end