Use of e.g. ServiceWorker makes login with 2FA impossible about django-allauth-2fa HOT 4 OPEN

Without digging in deeper, one simple solution/workaround that comes to mind would be to serve /sw.js from a middleware before the 2FA middleware.

from django-allauth-2fa.

Login also breaks if you happen to do any sort of request in between login and two-factor-authentication, e.g., pulling latest news for a sidebar widget via ajax etc. Therefore, I don't think the above mentioned approach solves this issue for good. I propose the solution in the pull request, which tries to remove allauth_2fa_user_idin two places:

1. After a successful login and two-factor-authentication of a user that has 2FA enabled. After the initial login (with username and passwort only), an already presentallauth_2fa_user_id will be overwritten anyway. So we only need to take care of it after authentication.
2. After a successful login of a user that does not have 2FA enabled. We could also clear it before the login - however, this is out of this app's scope.

The only time an artifact of allauth_2fa_user_id can remain in the session is between an abortion of the 2fa-flow and the user's next successful login (which will clear or overwrite it).

Please note: I just commented out the old tests. Before merging, the code should be cleaned up properly. Just let me know, if this approach is fine for you and I'll clean it up properly and update the docs.

from django-allauth-2fa.

@simonkern I don't think the codebase maintainers are all that active about this project.

I did ran into the same problem a while ago and this is what I did to work around it.
#93 (comment)

from django-allauth-2fa.

Any chance of getting this or what @sabipu mentioned merged?

from django-allauth-2fa.