-
Fix 2FA authentication spoofing vulnerability · 00da609cGrzegorz Bizon authored
This commit attempts to change default user search scope if otp_user_id session variable has been set. If it is present, it means that user has 2FA enabled, and has already been verified with login and password. In this case we should look for user with otp_user_id first, before picking it up by login.
00da609c
×