From 0ea3c89576e1d42e5b74a86ee1a8cb69bd8addbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janko=20Marohni=C4=87?= <janko.marohnic@gmail.com>
Date: Sun, 17 Nov 2024 16:30:15 +0100
Subject: [PATCH] Add method that returns whether 2FA is satisfied

---
 demo-site/views/index.erb               |  6 +++---
 lib/rodauth/features/two_factor_base.rb | 19 ++++++-------------
 2 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/demo-site/views/index.erb b/demo-site/views/index.erb
index 35d18465..47a1653e 100644
--- a/demo-site/views/index.erb
+++ b/demo-site/views/index.erb
@@ -16,10 +16,10 @@
     <% if rodauth.logged_in_via_remember_key? %>
       <li><a href="/confirm-password">Confirm Password</a></li>
     <% end %>
-    <% if rodauth.uses_two_factor_authentication? && !rodauth.two_factor_authenticated? %>
-      <li><a href="/multifactor-auth">Authenticate Using Additional Factor</a></li>
-    <% else %>
+    <% if rodauth.two_factor_authentication_satisfied? %>
       <li><a href="/multifactor-manage">Manage Multifactor Authentication</a></li>
+    <% else %>
+      <li><a href="/multifactor-auth">Authenticate Using Additional Factor</a></li>
     <% end %>
   </ul>
 <% else %>
diff --git a/lib/rodauth/features/two_factor_base.rb b/lib/rodauth/features/two_factor_base.rb
index 250845fb..75721214 100644
--- a/lib/rodauth/features/two_factor_base.rb
+++ b/lib/rodauth/features/two_factor_base.rb
@@ -124,23 +124,12 @@ def two_factor_modifications_require_password?
     end
 
     def authenticated?
-      # False if not authenticated via single factor
-      return false unless super
-
-      # True if already authenticated via 2nd factor
-      return true if two_factor_authenticated?
-
-      # True if authenticated via single factor and 2nd factor not setup 
-      !uses_two_factor_authentication?
+      super && two_factor_authentication_satisfied?
     end
 
     def require_authentication
       super
-
-      # Avoid database query if already authenticated via 2nd factor
-      return if two_factor_authenticated?
-
-      require_two_factor_authenticated if uses_two_factor_authentication?
+      require_two_factor_authenticated unless two_factor_authentication_satisfied?
     end
 
     def require_two_factor_setup
@@ -188,6 +177,10 @@ def two_factor_password_match?(password)
       end
     end
 
+    def two_factor_authentication_satisfied?
+      two_factor_authenticated? || !uses_two_factor_authentication?
+    end
+
     def two_factor_authenticated?
       authenticated_by && authenticated_by.length >= 2
     end