]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 31d1485)
Redirect to 2FA creation page when otp_secret is not available (#6314)
authorAboobacker MK <aboobacker@redpanthers.co>
Sun, 21 Jan 2018 12:21:28 +0000 (17:51 +0530)
committerEugen Rochko <eugen@zeonfederated.com>
Sun, 21 Jan 2018 12:21:28 +0000 (13:21 +0100)
Gemfile.lock patch | blob | history
app/controllers/settings/two_factor_authentication/confirmations_controller.rb patch | blob | history
spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb patch | blob | history

diff --git a/Gemfile.lock b/Gemfile.lock
index 788da17fed75b6596323b8355c04a96a4818d8bd..69ed3097b83f58cb674073cd5db6a8e9a0bdfd1d 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -70,7 +70,7 @@ GEM
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
-    binding_of_caller (0.7.3)
+    binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
     bootsnap (1.1.5)
       msgpack (~> 1.0)
diff --git a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
index 4cf62db13ef76a120db22ceaf5482bdfc1657489..8d534960d4bf0c86fc23dc062ee940514c72bae1 100644 (file)
--- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
@@ -6,6 +6,7 @@ module Settings
       layout 'admin'
 
       before_action :authenticate_user!
+      before_action :ensure_otp_secret
 
       def new
         prepare_two_factor_form
@@ -38,6 +39,10 @@ module Settings
         @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
         @qrcode = RQRCode::QRCode.new(@provision_url)
       end
+
+      def ensure_otp_secret
+        redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
+      end
     end
   end
 end
diff --git a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
index 0676d61613f798632da8f81334c3340e449bb33f..aee82a3d85633b6fe51fafdbb6dcbeb0ea3e1836 100644 (file)
--- a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
@@ -6,6 +6,7 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
   render_views
 
   let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
+  let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }
 
   shared_examples 'renders :new' do
     it 'renders the new view' do
@@ -33,6 +34,12 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do
       get :new
       expect(response).to redirect_to('/auth/sign_in')
     end
+
+    it 'redirects if user do not have otp_secret' do
+      sign_in user_without_otp_secret, scope: :user
+      get :new
+      expect(response).to redirect_to('/settings/two_factor_authentication')
+    end
   end
 
   describe 'POST #create' do
source code fur Kibicat Mastodon