From 95c36946be7d5cef27da8fa11bfbe30b0b428096 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Fri, 30 Aug 2024 11:43:54 +0200
Subject: [PATCH] chore: synchronize workspaces

---
 identity/test/pool.go          | 2 +-
 selfservice/flow/login/hook.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/identity/test/pool.go b/identity/test/pool.go
index 9d4a24f30706..20aa96462eb2 100644
--- a/identity/test/pool.go
+++ b/identity/test/pool.go
@@ -1038,7 +1038,7 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
 			require.Equal(t, expected.ID, actual.ID)
 			require.NotNil(t, actual.Credentials[identity.CredentialsTypePassword])
 			assert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].ID, actual.Credentials[identity.CredentialsTypePassword].ID)
-			assert.EqualValues(t, expected.Credentials[identity.CredentialsTypePassword].Identifiers, actual.Credentials[identity.CredentialsTypePassword].Identifiers)
+			assert.EqualValues(t, []string{strings.ToLower(identifier)}, actual.Credentials[identity.CredentialsTypePassword].Identifiers)
 			assert.JSONEq(t, string(expected.Credentials[identity.CredentialsTypePassword].Config), string(actual.Credentials[identity.CredentialsTypePassword].Config))
 
 			t.Run("not if on another network", func(t *testing.T) {
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
index bfa581d0a85c..be25529241f0 100644
--- a/selfservice/flow/login/hook.go
+++ b/selfservice/flow/login/hook.go
@@ -267,7 +267,7 @@ func (e *HookExecutor) PostLoginHook(
 		s.Token = ""
 
 		// If we detect that whoami would require a higher AAL, we redirect!
-		if _, err := e.requiresAAL2(r, s, f); err != nil {
+		if _, err := e.requiresAAL2(r, classified, f); err != nil {
 			if aalErr := new(session.ErrAALNotSatisfied); errors.As(err, &aalErr) {
 				span.SetAttributes(attribute.String("return_to", aalErr.RedirectTo), attribute.String("redirect_reason", "requires aal2"))
 				e.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(aalErr.RedirectTo))
@@ -303,7 +303,7 @@ func (e *HookExecutor) PostLoginHook(
 	}
 
 	// If we detect that whoami would require a higher AAL, we redirect!
-	if _, err := e.requiresAAL2(r, s, f); err != nil {
+	if _, err := e.requiresAAL2(r, classified, f); err != nil {
 		if aalErr := new(session.ErrAALNotSatisfied); errors.As(err, &aalErr) {
 			http.Redirect(w, r, aalErr.RedirectTo, http.StatusSeeOther)
 			return nil