From 03ed1fcbb80cbca6e6beefb8d5603b13d6af1e94 Mon Sep 17 00:00:00 2001
From: James Williams <jamesw@instructure.com>
Date: Fri, 16 Nov 2018 09:14:02 -0700
Subject: [PATCH] don't show login pixel with pending otp

closes #CORE-2145

Change-Id: I11adbcc0be236325db0ebf4f4e8a94cbe7468d15
Reviewed-on: https://gerrit.instructure.com/172693
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
---
 lib/inst_fs.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/inst_fs.rb b/lib/inst_fs.rb
index 38550c76343..c853db66bad 100644
--- a/lib/inst_fs.rb
+++ b/lib/inst_fs.rb
@@ -24,6 +24,7 @@ module InstFS
 
     def login_pixel(user, session, oauth_host)
       return if session[:oauth2] # don't stomp an existing oauth flow in progress
+      return if session[:pending_otp]
       if !session[:shown_instfs_pixel] && user && enabled?
         session[:shown_instfs_pixel] = true
         pixel_url = login_pixel_url(token: session_jwt(user, oauth_host))