From 00da21a13d268ee9dd39db8bbaa5357367a500c0 Mon Sep 17 00:00:00 2001
From: Dominik Kwiatek
Date: Mon, 19 Oct 2020 12:20:44 +0200
Subject: [PATCH] Redirect away from two factor entry page if no target user is set in session
---
 app/controllers/user/sessions_controller.rb | 5 +++++
 spec/controllers/user/sessions_controller_spec.rb | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 spec/controllers/user/sessions_controller_spec.rb
diff --git a/app/controllers/user/sessions_controller.rb b/app/controllers/user/sessions_controller.rb
index bb72cb2c..8930deee 100644
--- a/app/controllers/user/sessions_controller.rb
+++ b/app/controllers/user/sessions_controller.rb
@@ -27,6 +27,11 @@ class User::SessionsController < Devise::SessionsController
 end
 def two_factor_entry
+ unless session.has_key? :user_sign_in_uid
+ redirect_to root_url
+ return
+ end
+
 self.resource = User.find(session[:user_sign_in_uid])
 render 'auth/two_factor_authentication'
 end
diff --git a/spec/controllers/user/sessions_controller_spec.rb b/spec/controllers/user/sessions_controller_spec.rb
new file mode 100644
index 00000000..fcca30a2
--- /dev/null
+++ b/spec/controllers/user/sessions_controller_spec.rb
@@ -0,0 +1,14 @@
+require 'rails_helper'
+
+describe User::SessionsController do
+ before do
+ @request.env["devise.mapping"] = Devise.mappings[:user]
+ end
+
+ describe "#two_factor_entry" do
+ subject { get :two_factor_entry }
+ it "redirects back to the home page if no sign in target is set" do
+ expect(subject).to redirect_to :root
+ end
+ end
+end
\ No newline at end of file
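Review bot: The new guard in `two_factor_entry` (app/controllers/user/sessions_controller.rb) only tests that the session key exists, so a key holding nil or the id of a user that has since been deleted still reaches `User.find`, which raises `ActiveRecord::RecordNotFound` instead of redirecting. Looking the user up with `self.resource = User.find_by(id: session[:user_sign_in_uid])` and following it with `return redirect_to(root_url) if resource.nil?` would cover both the missing key and the stale id in one check. The action that verifies the submitted code is outside this hunk; if it reads the same session key it presumably needs the same guard, since that is the request that actually completes the sign-in.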
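Review bot: The new spec in spec/controllers/user/sessions_controller_spec.rb only exercises the empty-session branch, so a regression that redirects every request away from the two-factor page would still pass. A second example that sets the key, for instance `get :two_factor_entry, session: { user_sign_in_uid: user.id }` with a user created for the test, and expects the `auth/two_factor_authentication` template would pin the other side of the guard. An example with an id that no longer exists would also document what the action is meant to do with a stale session value.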