Temporary additional logging to continue debugging MFA issues

app/controllers/mfa_controller.rb

@@ -3,50 +3,74 @@ class MfaController < ApplicationController
   skip_authentication only: [ :verify, :verify_code ]
 
   def new
+    Rails.logger.info "MfaController#new - User: #{Current.user.id} accessing MFA setup"
     redirect_to root_path if Current.user.otp_required?
     Current.user.setup_mfa! unless Current.user.otp_secret.present?
   end
 
   def create
+    Rails.logger.info "MfaController#create - User: #{Current.user.id} attempting to enable MFA"
     if Current.user.verify_otp?(params[:code])
+      Rails.logger.info "MfaController#create - MFA verification successful for user: #{Current.user.id}"
       Current.user.enable_mfa!
       @backup_codes = Current.user.otp_backup_codes
+      Rails.logger.info "MfaController#create - Generated backup codes for user: #{Current.user.id}"
       render :backup_codes
     else
+      Rails.logger.info "MfaController#create - MFA verification failed for user: #{Current.user.id}"
       Current.user.disable_mfa!
       redirect_to new_mfa_path, alert: t(".invalid_code")
     end
   end
 
   def verify
+    Rails.logger.info "MfaController#verify - Attempting to verify MFA for user_id from session: #{session[:mfa_user_id]}"
     @user = User.find_by(id: session[:mfa_user_id])
-    redirect_to new_session_path unless @user
+
+    if @user
+      Rails.logger.info "MfaController#verify - Found user: #{@user.id} for MFA verification"
+    else
+      Rails.logger.info "MfaController#verify - No user found for MFA verification, redirecting to login"
+      redirect_to new_session_path
+    end
   end
 
   def verify_code
+    Rails.logger.info "MfaController#verify_code - Attempting to verify MFA code for user_id from session: #{session[:mfa_user_id]}"
     @user = User.find_by(id: session[:mfa_user_id])
 
-    if @user&.verify_otp?(params[:code])
-      session.delete(:mfa_user_id)
-      @session = create_session_for(@user)
-      Rails.logger.info "MFA verification successful for user #{@user.id}. Session created: #{@session.id}"
-
-      # Explicitly set the cookie again to ensure it's properly set
-      cookies.signed.permanent[:session_token] = {
-        value: @session.id,
-        httponly: true,
-        same_site: :lax
-      }
-
-      # Use turbo: false to ensure a full page reload
-      redirect_to root_path, turbo: false
+    if @user
+      Rails.logger.info "MfaController#verify_code - Found user: #{@user.id} for MFA verification"
     else
+      Rails.logger.info "MfaController#verify_code - No user found for MFA verification"
+    end
+
+    if @user&.verify_otp?(params[:code])
+      Rails.logger.info "MfaController#verify_code - MFA code verification successful for user: #{@user.id}"
+      session.delete(:mfa_user_id)
+      Rails.logger.info "MfaController#verify_code - Deleted mfa_user_id from session"
+
+      @session = create_session_for(@user)
+      Rails.logger.info "MfaController#verify_code - Created session: #{@session.id} for user: #{@user.id}"
+
+      # Log cookie information
+      Rails.logger.info "MfaController#verify_code - Cookie details:"
+      Rails.logger.info "  - session_token present: #{cookies.signed[:session_token].present?}"
+      Rails.logger.info "  - session_token value: #{cookies.signed[:session_token]}"
+      Rails.logger.info "  - all cookies: #{cookies.to_h.keys.join(', ')}"
+
+      # Simply redirect to root path with data-turbo="false"
+      Rails.logger.info "MfaController#verify_code - Redirecting to root_path with data-turbo=false"
+      redirect_to root_path, data: { turbo: false }
+    else
+      Rails.logger.info "MfaController#verify_code - MFA code verification failed for user: #{@user&.id}"
       flash.now[:alert] = t(".invalid_code")
       render :verify, status: :unprocessable_entity
     end
   end
 
   def disable
+    Rails.logger.info "MfaController#disable - User: #{Current.user.id} disabling MFA"
     Current.user.disable_mfa!
     redirect_to settings_security_path, notice: t(".success")
   end