PERF: only check for totp record on current user at when needed

Previously the check was done a bit too early causing one extra query per page unconditionally for logged on users
2019-06-07 16:24:54 +10:00 · 2019-06-07 16:24:54 +10:00 · cbd4d06da0
parent a652d620f6
commit cbd4d06da0
1 changed files with 9 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -730,24 +730,30 @@ class ApplicationController < ActionController::Base
        # save original URL in a session so we can redirect after login
        session[:destination_url] = destination_url
        redirect_to path('/session/sso')
+        return
      elsif params[:authComplete].present?
        redirect_to path("/login?authComplete=true")
+        return
      else
        # save original URL in a cookie (javascript redirects after login in this case)
        cookies[:destination_url] = destination_url
        redirect_to path("/login")
+        return
      end
    end

-    if current_user &&
-      !current_user.totp_enabled? &&
+    check_totp = current_user &&
      !request.format.json? &&
      !is_api? &&
      ((SiteSetting.enforce_second_factor == 'staff' && current_user.staff?) ||
-        SiteSetting.enforce_second_factor == 'all')
+        SiteSetting.enforce_second_factor == 'all') &&
+      !current_user.totp_enabled?
+
+    if check_totp
      redirect_path = "#{GlobalSetting.relative_url_root}/u/#{current_user.username}/preferences/second-factor"
      if !request.fullpath.start_with?(redirect_path)
        redirect_to path(redirect_path)
+        return
      end
    end
  end