Redirect to 2FA creation page when otp_secret is not available (#6314)
This commit is contained in:
parent
31d1485887
commit
112b1fa265
|
@ -70,7 +70,7 @@ GEM
|
||||||
coderay (>= 1.0.0)
|
coderay (>= 1.0.0)
|
||||||
erubi (>= 1.0.0)
|
erubi (>= 1.0.0)
|
||||||
rack (>= 0.9.0)
|
rack (>= 0.9.0)
|
||||||
binding_of_caller (0.7.3)
|
binding_of_caller (0.8.0)
|
||||||
debug_inspector (>= 0.0.1)
|
debug_inspector (>= 0.0.1)
|
||||||
bootsnap (1.1.5)
|
bootsnap (1.1.5)
|
||||||
msgpack (~> 1.0)
|
msgpack (~> 1.0)
|
||||||
|
|
|
@ -6,6 +6,7 @@ module Settings
|
||||||
layout 'admin'
|
layout 'admin'
|
||||||
|
|
||||||
before_action :authenticate_user!
|
before_action :authenticate_user!
|
||||||
|
before_action :ensure_otp_secret
|
||||||
|
|
||||||
def new
|
def new
|
||||||
prepare_two_factor_form
|
prepare_two_factor_form
|
||||||
|
@ -38,6 +39,10 @@ module Settings
|
||||||
@provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
|
@provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
|
||||||
@qrcode = RQRCode::QRCode.new(@provision_url)
|
@qrcode = RQRCode::QRCode.new(@provision_url)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def ensure_otp_secret
|
||||||
|
redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
|
||||||
render_views
|
render_views
|
||||||
|
|
||||||
let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
|
let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
|
||||||
|
let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }
|
||||||
|
|
||||||
shared_examples 'renders :new' do
|
shared_examples 'renders :new' do
|
||||||
it 'renders the new view' do
|
it 'renders the new view' do
|
||||||
|
@ -33,6 +34,12 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
|
||||||
get :new
|
get :new
|
||||||
expect(response).to redirect_to('/auth/sign_in')
|
expect(response).to redirect_to('/auth/sign_in')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'redirects if user do not have otp_secret' do
|
||||||
|
sign_in user_without_otp_secret, scope: :user
|
||||||
|
get :new
|
||||||
|
expect(response).to redirect_to('/settings/two_factor_authentication')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'POST #create' do
|
describe 'POST #create' do
|
||||||
|
|
Reference in New Issue