From e5f6e364f184eaa535c6b29cbafe3418ea83d53f Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Fri, 3 Apr 2015 14:40:00 -0400
Subject: [PATCH] Improve and fix issues with 2FA

---
 app/Auth/RememberMe.php      | 3 +++
 app/Controller/Twofactor.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Auth/RememberMe.php b/app/Auth/RememberMe.php
index 4736442edf..e8b20f37cb 100644
--- a/app/Auth/RememberMe.php
+++ b/app/Auth/RememberMe.php
@@ -103,6 +103,9 @@ public function authenticate()
                 // Create the session
                 $this->userSession->refresh($this->user->getById($record['user_id']));
 
+                // Do not ask 2FA for remember me session
+                $this->session['2fa_validated'] = true;
+
                 $this->container['dispatcher']->dispatch(
                     'auth.success',
                     new AuthEvent(self::AUTH_NAME, $this->userSession->getId())
diff --git a/app/Controller/Twofactor.php b/app/Controller/Twofactor.php
index 48954dc82c..e3451d3377 100644
--- a/app/Controller/Twofactor.php
+++ b/app/Controller/Twofactor.php
@@ -73,7 +73,7 @@ public function save()
         }
 
         // Allow the user to test or disable the feature
-        $this->session['user']['twofactor_activated'] = false;
+        $_SESSION['user']['twofactor_activated'] = false;
 
         $this->session->flash(t('User updated successfully.'));
         $this->response->redirect($this->helper->url('twofactor', 'index', array('user_id' => $user['id'])));