fix(two-factor-auth): gate 2FA enforcement on global setting (SER-2911) #7760

Open
coskunaydinoglu wants to merge 1 commit into master from SER-2911-two-factor-auth-respect-global-disable

@coskunaydinoglu

Contributor

No description provided.

When global 2FA was enabled, every user who logged in was force-enrolled
and got two_factor_auth.enabled + secret_token persisted on their member
record. After an admin turned global 2FA off, those persisted flags
remained, so previously created users were still challenged for 2FA at
login (and password reset), while newly created users were not.

Make the global setting the single source of truth: login and password
reset only enforce 2FA while two-factor-auth.globally_enabled is true.
Disabling it now applies to all users regardless of stale per-user flags.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01V4HJ5qrPiDme1u8XqcjxqF
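The inconsistency the commit message describes, modelled as an added Python example that is not this PR's or the project's code: the `Member`/`TwoFactorAuth` shapes, the function names and the sample members are assumed for illustration, and the stale-flag audit helper is an extra check the PR itself does not include.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class TwoFactorAuth:
    enabled: bool = False
    secret_token: Optional[str] = None


@dataclass
class Member:
    name: str
    two_factor_auth: TwoFactorAuth = field(default_factory=TwoFactorAuth)


def force_enroll(member: Member, secret_token: str) -> None:
    """Constructed stand-in for the enrolment that global 2FA triggered at login:
    the flag and secret are persisted on the member record."""
    member.two_factor_auth = TwoFactorAuth(enabled=True, secret_token=secret_token)


def must_challenge_before(member: Member, globally_enabled: bool) -> bool:
    """Pre-fix decision as described: the persisted per-member flag decides on
    its own, so the global switch is never consulted once a member is enrolled."""
    return member.two_factor_auth.enabled


def must_challenge_after(member: Member, globally_enabled: bool) -> bool:
    """Post-fix decision: the global setting is the single source of truth for
    login and password reset; stale per-member flags are ignored when it is off."""
    return globally_enabled


def members_with_stale_enrolment(members: List[Member], globally_enabled: bool) -> List[str]:
    """Audit helper (assumed, not in the PR): members still carrying enabled +
    secret_token while global 2FA is off. Useful when deciding whether to clean
    up the persisted flags the fix leaves in place."""
    if globally_enabled:
        return []
    return [m.name for m in members if m.two_factor_auth.enabled]


def simulate() -> dict:
    alice = Member("alice")                     # created while global 2FA was on
    force_enroll(alice, "constructed-secret")   # constructed sample token
    bob = Member("bob")                         # created after the admin turned it off
    globally_enabled = False
    return {
        "before": (must_challenge_before(alice, globally_enabled), must_challenge_before(bob, globally_enabled)),
        "after": (must_challenge_after(alice, globally_enabled), must_challenge_after(bob, globally_enabled)),
        "stale": members_with_stale_enrolment([alice, bob], globally_enabled),
    }
```

`simulate()` reproduces the reported split (alice challenged, bob not) under the old decision and the uniform behaviour under the new one, while still listing alice's record as carrying stale enrolment data.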