Revert "fix: ignore aal2 flows in password populate"

This reverts commit 2b1fe68.
ory · Jun 20, 2024 · ca2bf62 · ca2bf62
1 parent 2b1fe68
commit ca2bf62
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
@@ -217,6 +217,8 @@ preLoginHook:
 		switch strategy := s.(type) {
 		case FormHydrator:
 			switch {
+			case f.RequestedAAL == identity.AuthenticatorAssuranceLevel2:
+				populateErr = strategy.PopulateLoginMethodSecondFactor(r, f)
 			case f.IsRefresh():
 				populateErr = strategy.PopulateLoginMethodRefresh(r, f)
 			case f.RequestedAAL == identity.AuthenticatorAssuranceLevel1:
@@ -225,8 +227,6 @@ preLoginHook:
 				} else {
 					populateErr = strategy.PopulateLoginMethodFirstFactor(r, f)
 				}
-			case f.RequestedAAL == identity.AuthenticatorAssuranceLevel2:
-				populateErr = strategy.PopulateLoginMethodSecondFactor(r, f)
 			}
 		case OneStepFormHydrator:
 			populateErr = strategy.PopulateLoginMethod(r, f.RequestedAAL, f)

diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go
@@ -129,9 +129,6 @@ func (s *Strategy) migratePasswordHash(ctx context.Context, identifier uuid.UUID
 }
 
 func (s *Strategy) PopulateLoginMethodRefresh(r *http.Request, sr *login.Flow) error {
-	if sr.RequestedAAL > identity.AuthenticatorAssuranceLevel1 {
-		return nil
-	}
 	identifier, id, _ := flowhelpers.GuessForcedLoginIdentifier(r, s.d, sr, s.ID())
 	if identifier == "" {
 		return nil