From 68beb69984e116c658ba4b24fe37a8165a272eba Mon Sep 17 00:00:00 2001
From: Marco <marco@delight.im>
Date: Tue, 27 May 2025 10:46:50 +0200
Subject: [PATCH] Track which mechanism was used when successfully providing
 OTP for 2FA

---
 src/Auth.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Auth.php b/src/Auth.php
index 94ff9a9..f644ebe 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -836,6 +836,7 @@ final class Auth extends UserManager {
 		}
 
 		$success = false;
+		$mechanismUsed = null;
 		$performTotpVerification = true;
 
 		if (!empty($otpRecords)) {
@@ -868,6 +869,7 @@ final class Auth extends UserManager {
 
 							// remember that we have successfully verified the one-time password now
 							$success = true;
+							$mechanismUsed = (int) $otpRecord['mechanism'];
 
 							break;
 						}
@@ -915,6 +917,7 @@ final class Auth extends UserManager {
 
 						// remember that we have successfully verified the one-time password now
 						$success = true;
+						$mechanismUsed = self::TWO_FACTOR_MECHANISM_TOTP;
 					}
 				}
 			}