jeremyevans
commented
2 years ago Thanks for finding and fixing this. I'll merge later today.
Closed janko closed 2 years ago
jeremyevans
commented
2 years ago Thanks for finding and fixing this. I'll merge later today.
On SMS setup and authentication,
sms_codeis added to the list of methods the session is authenticated by. However, when removing all multifactor authentication methods, Rodauth is removingsms_codesmethod, which will cause the account authenticated via SMS to stay SMS authenticated. We fix that by removingsms_codemethod instead.The method deletion from session when removing all MFA methods wasn't tested for any MFA method (except implicitly for recovery codes), so we add the missing tests.