Redirect to 2FA creation page when otp_secret is not available (#6314)

2018-01-21 17:51:28 +05:30 · 2018-01-21 17:51:28 +05:30 · 112b1fa265
commit 112b1fa265
parent 31d1485887
3 changed files with 13 additions and 1 deletions
--- a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
@ -6,6 +6,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
  render_views

  let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
+  let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }

  shared_examples 'renders :new' do
    it 'renders the new view' do
@ -33,6 +34,12 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
      get :new
      expect(response).to redirect_to('/auth/sign_in')
    end
+
+    it 'redirects if user do not have otp_secret' do
+      sign_in user_without_otp_secret, scope: :user
+      get :new
+      expect(response).to redirect_to('/settings/two_factor_authentication')
+    end
  end

  describe 'POST #create' do