It's possible that an account is signed in but the record gets deleted in the database, especially in development where it's common to clear testing data. When #uses_two_factor_authentication? is called, it ends up calling #has_password?, which errors if the logged in account record doesn't exist. I thought it would be nice if Rodauth gracefully handled that.
I also made two spec changes on the way: one was to use the PASSWORD_HASH_TABLE constant, the other was renaming the spec name to communicate that it's testing all MFA behavior.
It's possible that an account is signed in but the record gets deleted in the database, especially in development where it's common to clear testing data. When
#uses_two_factor_authentication?
is called, it ends up calling#has_password?
, which errors if the logged in account record doesn't exist. I thought it would be nice if Rodauth gracefully handled that.I also made two spec changes on the way: one was to use the
PASSWORD_HASH_TABLE
constant, the other was renaming the spec name to communicate that it's testing all MFA behavior.