Fix 2FA challenge and password challenge for non-database users (#11831)

* Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691
2019-09-15 21:08:39 +02:00 · 2019-09-15 21:08:39 +02:00 · c707ef49d9
commit c707ef49d9
parent 1511638975
7 changed files with 66 additions and 61 deletions
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@ -5,11 +5,11 @@ require 'rails_helper'
 RSpec.describe Auth::SessionsController, type: :controller do
  render_views

-  describe 'GET #new' do
-    before do
-      request.env['devise.mapping'] = Devise.mappings[:user]
-    end
+  before do
+    request.env['devise.mapping'] = Devise.mappings[:user]
+  end

+  describe 'GET #new' do
    it 'returns http success' do
      get :new
      expect(response).to have_http_status(200)
@ -19,10 +19,6 @@ RSpec.describe Auth::SessionsController, type: :controller do
  describe 'DELETE #destroy' do
    let(:user) { Fabricate(:user) }

-    before do
-      request.env['devise.mapping'] = Devise.mappings[:user]
-    end
-
    context 'with a regular user' do
      it 'redirects to home after sign out' do
        sign_in(user, scope: :user)
@ -51,10 +47,6 @@ RSpec.describe Auth::SessionsController, type: :controller do
  end

  describe 'POST #create' do
-    before do
-      request.env['devise.mapping'] = Devise.mappings[:user]
-    end
-
    context 'using PAM authentication', if: ENV['PAM_ENABLED'] == 'true' do
      context 'using a valid password' do
        before do
@ -191,11 +183,11 @@ RSpec.describe Auth::SessionsController, type: :controller do
    end

    context 'using two-factor authentication' do
-      let(:user) do
-        Fabricate(:user, email: 'x@y.com', password: 'abcdefgh',
-                         otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
+      let!(:user) do
+        Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
      end
-      let(:recovery_codes) do
+
+      let!(:recovery_codes) do
        codes = user.generate_otp_backup_codes!
        user.save
        return codes