fix(auth): update SQL queries to use totp_secret_encrypted instead of dropped totp_secret column

Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>
2026-06-05 21:08:00 -05:00
parent 604b31b937
commit 0296cf9c51
2 changed files with 3 additions and 3 deletions
--- a/crates/pm-auth/src/session.rs
+++ b/crates/pm-auth/src/session.rs
@ -120,7 +120,7 @@ pub async fn login(
    let user: Option<DbUser> = sqlx::query_as(
        r#"
        SELECT id, username, display_name, role, auth_provider,
-               password_hash, totp_secret, mfa_enabled, is_active, force_password_reset,
+               password_hash, totp_secret_encrypted, totp_secret_nonce, mfa_enabled, is_active, force_password_reset,
               failed_login_attempts, locked_until
        FROM users
        WHERE username = $1 AND auth_provider = 'local'
@ -278,7 +278,7 @@ pub async fn refresh_session(
    let user: DbUser = sqlx::query_as(
        r#"
        SELECT id, username, display_name, role, auth_provider,
-               password_hash, totp_secret, mfa_enabled, is_active, force_password_reset,
+               password_hash, totp_secret_encrypted, totp_secret_nonce, mfa_enabled, is_active, force_password_reset,
               failed_login_attempts, locked_until
        FROM users WHERE id = $1
        "#,
--- a/crates/pm-web/src/routes/auth.rs
+++ b/crates/pm-web/src/routes/auth.rs
@ -435,7 +435,7 @@ async fn disable_mfa(
        ));
    }

-    sqlx::query("UPDATE users SET totp_secret = NULL, mfa_enabled = FALSE WHERE id = $1")
+    sqlx::query("UPDATE users SET totp_secret_encrypted = NULL, totp_secret_nonce = NULL, mfa_enabled = FALSE WHERE id = $1")
        .bind(auth_user.user_id)
        .execute(&state.db)
        .await