Fix: Remove signOut() calls before MFA

This commit is contained in:
gpt-engineer-app[bot]
2025-10-31 16:37:36 +00:00
parent bf40d27082
commit f36d6266be
3 changed files with 12 additions and 17 deletions


@@ -131,14 +131,13 @@ export function AuthModal({ open, onOpenChange, defaultTab = 'signin' }: AuthMod
const totpFactor = factors?.totp?.find(f => f.status === 'verified');
if (totpFactor) {
// IMMEDIATELY DESTROY THE AAL1 SESSION (same as Auth.tsx password flow)
console.log('[AuthModal] MFA required - destroying AAL1 session before challenge');
await supabase.auth.signOut();
// Keep AAL1 session active for MFA verification
// RLS policies will block sensitive operations until AAL2
console.log('[AuthModal] MFA required - keeping AAL1 session for verification');
// At this point, user has NO authenticated session
setMfaFactorId(totpFactor.id);
setLoading(false);
return; // User has NO session - MFA modal will show
return; // MFA modal will show, session-based MFA flow will work
}
}