Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add password challenge to 2FA settings, e-mail notifications (#11878)

Browse source 
Fix #3961
This commit is contained in:
Eugen Rochko 2019-09-18 16:37:27 +02:00 committed by GitHub
parent d0c2c52783
commit e1066cd431
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 567 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

10
spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
View file

@ -24,7 +24,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
context 'when signed in' do
subject do
sign_in user, scope: :user
get :new
get :new, session: { challenge_passed_at: Time.now.utc }
end
include_examples 'renders :new'
@ -37,7 +37,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
it 'redirects if user do not have otp_secret' do
sign_in user_without_otp_secret, scope: :user
get :new
get :new, session: { challenge_passed_at: Time.now.utc }
expect(response).to redirect_to('/settings/two_factor_authentication')
end
end
@ -50,7 +50,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
describe 'when form_two_factor_confirmation parameter is not provided' do
it 'raises ActionController::ParameterMissing' do
post :create, params: {}
post :create, params: {}, session: { challenge_passed_at: Time.now.utc }
expect(response).to have_http_status(400)
end
end
@ -68,7 +68,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
true
end
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc }
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
@ -85,7 +85,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
false
end
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc }
end
it 'renders the new view' do

2
spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb
View file

@ -15,7 +15,7 @@ describe Settings::TwoFactorAuthentication::RecoveryCodesController do
end
sign_in user, scope: :user
post :create
post :create, session: { challenge_passed_at: Time.now.utc }
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Recovery codes successfully regenerated'

2
spec/controllers/settings/two_factor_authentications_controller_spec.rb
View file

@ -58,7 +58,7 @@ describe Settings::TwoFactorAuthenticationsController do
describe 'when creation succeeds' do
it 'updates user secret' do
before = user.otp_secret
post :create
post :create, session: { challenge_passed_at: Time.now.utc }
expect(user.reload.otp_secret).not_to eq(before)
expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)