Broken user relationships in MFA (sub-)classes
Several relationships use the same foreign key (MFAMethod.user_id
). Because of this back-population/synchronization is not (and probably cannot be) correctly configured. E.g. deleting an TOTPMethod
object from User.mfa_methods
does not update User.mfa_totp_methods
.
-
User.mfa_methods
<->MFAMethod.user
-
User.mfa_recovery_codes
<->RecoveryCodeMethod.user
-
User.mfa_totp_methods
<->TOTPMethod.user
-
User.mfa_webauthn_methods
<->WebauthnMethod.user