From 644278441892c0c65178d7b92525256956599f1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Miedes=20Garc=C3=A9s?= <albertomg994@gmail.com>
Date: Thu, 30 Apr 2020 16:40:37 +0200
Subject: [PATCH] Remove exception for MFA

---
 lib/carto/authentication_manager.rb           |  5 +----
 spec/lib/carto/authentication_manager_spec.rb | 12 ------------
 2 files changed, 1 insertion(+), 16 deletions(-)

diff --git a/lib/carto/authentication_manager.rb b/lib/carto/authentication_manager.rb
index 35895adca976..305bf0ada618 100644
--- a/lib/carto/authentication_manager.rb
+++ b/lib/carto/authentication_manager.rb
@@ -15,10 +15,7 @@ def self.session_security_token_valid?(warden_context, user)
 
       return false unless session.key?(:sec_token)
 
-      if session[:sec_token] != user.security_token
-        user.user_multifactor_auths.any? ? (return false) : (raise Carto::ExpiredSessionError)
-      end
-
+      raise Carto::ExpiredSessionError if session[:sec_token] != user.security_token
       true
     rescue Warden::NotAuthenticated
       false
diff --git a/spec/lib/carto/authentication_manager_spec.rb b/spec/lib/carto/authentication_manager_spec.rb
index a50da515f24c..057f03223041 100644
--- a/spec/lib/carto/authentication_manager_spec.rb
+++ b/spec/lib/carto/authentication_manager_spec.rb
@@ -45,18 +45,6 @@ module Carto
 
         it { should be_false }
       end
-
-      context "when security token does not match but using multifactor authentication" do
-        let(:session) { { sec_token: 'old-security-token' } }
-
-        before do
-          create(:totp, :active, user_id: user.id)
-          request.expects(:reset_session)
-          warden_context.expects(:session).returns(session)
-        end
-
-        it { should be_false }
-      end
     end
 
   end