From 402f0040c9490c3c082664d4f1f97760de2bc0ed Mon Sep 17 00:00:00 2001
From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Date: Wed, 17 Jun 2026 04:16:04 +0200
Subject: [PATCH] Tidy comments.
---
 authentik/brands/models.py | 2 --
 authentik/recovery/views.py | 6 ++++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/authentik/brands/models.py b/authentik/brands/models.py
index 8995e972bd..0d64f7a275 100644
--- a/authentik/brands/models.py
+++ b/authentik/brands/models.py
@@ -18,8 +18,6 @@ from authentik.lib.models import SerializerModel
 LOGGER = get_logger()
 # Session flag marking a "safe mode" session (e.g. one created via a recovery link).
-# When set, brand customisations that could lock a user out - such as custom CSS - are
-# suppressed so the session can always reach the UI to fix the underlying configuration.
 SESSION_KEY_BRAND_SAFE_MODE = "authentik/brands/safe_mode"
diff --git a/authentik/recovery/views.py b/authentik/recovery/views.py
index dd7897066e..de1f9bb895 100644
--- a/authentik/recovery/views.py
+++ b/authentik/recovery/views.py
@@ -25,12 +25,14 @@ class UseTokenView(View):
 .select_related("user")
 )
 token = tokens.first()
+
 if token is None:
 raise Http404
+
 login(request, token.user, backend=BACKEND_INBUILT)
 token.delete()
- # Recovery sessions run in "safe mode" so that misconfigured branding (e.g. custom
- # CSS that hides login controls) cannot lock the recovered user back out.
+
 request.session[SESSION_KEY_BRAND_SAFE_MODE] = True
+
 messages.warning(request, _("Used recovery-link to authenticate."))
 return redirect("authentik_core:if-user")
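Review bot: After this change nothing at the `request.session[SESSION_KEY_BRAND_SAFE_MODE] = True` assignment in authentik/recovery/views.py says why a recovery login sets the flag. The authentik/brands/models.py hunk also drops the matching explanation beside the constant, so the only description left is that the flag marks a "safe mode" session. Because the flag changes what a recovery-authenticated session is served, I would keep a one-line why-comment at one of the two sites, e.g. `# Safe mode: suppress brand customisations (e.g. custom CSS) that could lock the recovered user out.` above the assignment. The enclosing view method starts outside the hunk, so the token lookup that precedes these lines is not visible here.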