don't show login pixel with pending otp

closes #CORE-2145 Change-Id: I11adbcc0be236325db0ebf4f4e8a94cbe7468d15 Reviewed-on: https://gerrit.instructure.com/172693 Reviewed-by: Rob Orton <rob@instructure.com> Tested-by: Jenkins QA-Review: James Williams <jamesw@instructure.com> Product-Review: James Williams <jamesw@instructure.com>
2018-11-16 09:14:02 -07:00 · 2018-11-16 09:14:02 -07:00 · 03ed1fcbb8
parent 3faa672091
commit 03ed1fcbb8
1 changed files with 1 additions and 0 deletions
--- a/lib/inst_fs.rb
+++ b/lib/inst_fs.rb
@ -24,6 +24,7 @@ module InstFS

    def login_pixel(user, session, oauth_host)
      return if session[:oauth2] # don't stomp an existing oauth flow in progress
+      return if session[:pending_otp]
      if !session[:shown_instfs_pixel] && user && enabled?
        session[:shown_instfs_pixel] = true
        pixel_url = login_pixel_url(token: session_jwt(user, oauth_host))