Redirect to 2FA creation page when otp_secret is not available (#6314)

th-downstream
Aboobacker MK 7 years ago committed by Eugen Rochko
parent 4ee27e1630
commit a1979b50c9

@ -70,7 +70,7 @@ GEM
coderay (>= 1.0.0) coderay (>= 1.0.0)
erubi (>= 1.0.0) erubi (>= 1.0.0)
rack (>= 0.9.0) rack (>= 0.9.0)
binding_of_caller (0.7.3) binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
bootsnap (1.1.5) bootsnap (1.1.5)
msgpack (~> 1.0) msgpack (~> 1.0)

@ -6,6 +6,7 @@ module Settings
layout 'admin' layout 'admin'
before_action :authenticate_user! before_action :authenticate_user!
before_action :ensure_otp_secret
def new def new
prepare_two_factor_form prepare_two_factor_form
@ -38,6 +39,10 @@ module Settings
@provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain) @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
@qrcode = RQRCode::QRCode.new(@provision_url) @qrcode = RQRCode::QRCode.new(@provision_url)
end end
def ensure_otp_secret
redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
end
end end
end end
end end

@ -6,6 +6,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
render_views render_views
let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') } let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }
shared_examples 'renders :new' do shared_examples 'renders :new' do
it 'renders the new view' do it 'renders the new view' do
@ -33,6 +34,12 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
get :new get :new
expect(response).to redirect_to('/auth/sign_in') expect(response).to redirect_to('/auth/sign_in')
end end
it 'redirects if user do not have otp_secret' do
sign_in user_without_otp_secret, scope: :user
get :new
expect(response).to redirect_to('/settings/two_factor_authentication')
end
end end
describe 'POST #create' do describe 'POST #create' do

Loading…
Cancel
Save