Merge branch 'dm-session-delete-challenge' into 'master'

Delete correct key from `session` after authenticating using U2F Closes #36096 See merge request !13499

Merge branch 'dm-session-delete-challenge' into 'master'
69eb4be7 · Robert Speicher · e80a893f · 8bfae74e · 69eb4be7
Commit 69eb4be7 authored Aug 11, 2017 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

authenticates_with_two_factor.rb app/controllers/concerns/authenticates_with_two_factor.rb +1 -1

No files found.
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -69,7 +69,7 @@ module AuthenticatesWithTwoFactor
    if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge])
      # Remove any lingering user data from login
      session.delete(:otp_user_id)
-      session.delete(:challenges)
+      session.delete(:challenge)

      remember_me(user) if user_params[:remember_me] == '1'
      sign_in(user)