From 9dc9d5ef542d58ff38d69bcb085cb26bd519ab26 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 11 Sep 2023 14:27:14 -0400
Subject: [PATCH 1/3] test: remove errant .only()

---
 test/user/reset.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/user/reset.js b/test/user/reset.js
index 36f80b2dda..a2c1d631cd 100644
--- a/test/user/reset.js
+++ b/test/user/reset.js
@@ -112,7 +112,7 @@ describe('Password reset (library methods)', () => {
 	});
 });
 
-describe.only('locks', () => {
+describe('locks', () => {
 	let uid;
 	let email;
 	beforeEach(async () => {

From e1bced8c2c2c552165708a2814971dcb32d7613c Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 11 Sep 2023 14:22:04 -0400
Subject: [PATCH 2/3] fix: move database call used to associate a NodeBB
 session UUID to its express session id into user.auth.addSession, which is
 the only time it is called

---
 src/controllers/authentication.js | 5 +----
 src/user/auth.js                  | 7 +++++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 08515f1124..82eec9f566 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -379,15 +379,12 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
 			new Promise((resolve) => {
 				req.session.save(resolve);
 			}),
-			user.auth.addSession(uid, req.sessionID),
+			user.auth.addSession(uid, req.sessionID, uuid),
 			user.updateLastOnlineTime(uid),
 			user.onUserOnline(uid, Date.now()),
 			analytics.increment('logins'),
 			db.incrObjectFieldBy('global', 'loginCount', 1),
 		]);
-		if (uid > 0) {
-			await db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, req.sessionID);
-		}
 
 		// Force session check for all connected socket.io clients with the same session id
 		sockets.in(`sess_${req.sessionID}`).emit('checkSession', uid);
diff --git a/src/user/auth.js b/src/user/auth.js
index d8113547e6..5330903a15 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -106,12 +106,15 @@ module.exports = function (User) {
 		await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
 	}
 
-	User.auth.addSession = async function (uid, sessionId) {
+	User.auth.addSession = async function (uid, sessionId, uuid) {
 		if (!(parseInt(uid, 10) > 0)) {
 			return;
 		}
 		await cleanExpiredSessions(uid);
-		await db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId);
+		await Promise.all([
+			db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
+			db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
+		]);
 		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
 	};
 

From 6bc2b6c5ae1249309abbe52acffcee83e9380f5e Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 11 Sep 2023 15:10:37 -0400
Subject: [PATCH 3/3] fix(deps): bump 2factor

---
 install/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/package.json b/install/package.json
index c01476aaf2..67e579e57f 100644
--- a/install/package.json
+++ b/install/package.json
@@ -92,7 +92,7 @@
         "mousetrap": "1.6.5",
         "multiparty": "4.2.3",
         "nconf": "0.12.0",
-        "nodebb-plugin-2factor": "7.2.1",
+        "nodebb-plugin-2factor": "7.2.2",
         "nodebb-plugin-composer-default": "10.2.20",
         "nodebb-plugin-dbsearch": "6.2.2",
         "nodebb-plugin-emoji": "5.1.5",
@@ -194,4 +194,4 @@
             "url": "https://github.com/barisusakli"
         }
     ]
-}
\ No newline at end of file
+}