diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 03845f1e1eccd5017d0fd47beac968d75150a48d..f9af0871cf1846601a62056bc69d0b96c7159f51 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 end
 def destroy
- current_user.update_attributes({
- two_factor_enabled: false,
- encrypted_otp_secret: nil,
- encrypted_otp_secret_iv: nil,
- encrypted_otp_secret_salt: nil,
- otp_backup_codes: nil
- })
+ current_user.disable_two_factor!
 redirect_to profile_account_path
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index dc84f5141d87896517cb3c4054f0e2651bc3b191..317257a25001057daeca76850df0ec01fcd18ed3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -322,6 +322,16 @@ class User < ActiveRecord::Base
 @reset_token
 end
+ def disable_two_factor!
+ update_attributes(
+ two_factor_enabled: false,
+ encrypted_otp_secret: nil,
+ encrypted_otp_secret_iv: nil,
+ encrypted_otp_secret_salt: nil,
+ otp_backup_codes: nil
+ )
+ end
+
 def namespace_uniq
 namespace_name = self.username
 existing_namespace = Namespace.by_path(namespace_name)
diff --git a/spec/controllers/profiles/two_factor_auths_controller_spec.rb b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
index aa09f1a758d4d148681dd4063ff1f76a8bfbfd31..f54706e3aa32056c4ebecf66b45408925b6bc03b 100644
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
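Review bot: The result of `current_user.disable_two_factor!` is discarded before the redirect, and because the new model method (app/models/user.rb hunk) is built on the non-raising `update_attributes`, a validation failure returns false instead of raising, so the user would land on the account page with the second factor still enabled and no feedback. Either have the model use `update_attributes!` so the failure surfaces, or check the result here, e.g. `flash[:alert] = 'Unable to disable two-factor authentication' unless current_user.disable_two_factor!` ahead of the `redirect_to`. Nothing in this hunk re-confirms the user's password before the second factor is removed; if a filter elsewhere in the controller does that it is fine, otherwise an already-authenticated session is all it takes to strip 2FA, which is worth confirming. The rest of the class is outside the hunk.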
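Review bot: `disable_two_factor!` in the app/models/user.rb hunk has no comment describing its contract, and it is now the single place where 2FA state is torn down, so a reader should not have to infer that from the five columns it touches. A one-line comment above the `def` would do: `# Tears down the user's two-factor setup in one update: the enabled flag, the encrypted OTP secret (value, iv, salt) and the backup codes.` A second line noting that any future OTP-related column must be cleared here too would guard against a partial reset later. The enclosing `User` class continues outside the hunk.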
@@ -105,19 +105,12 @@ describe Profiles::TwoFactorAuthsController do
 end
 describe 'DELETE destroy' do
- let(:user) { create(:user, :two_factor) }
- let!(:codes) { user.generate_otp_backup_codes! }
+ let(:user) { create(:user, :two_factor) }
- it 'clears all 2FA-related fields' do
- expect(user).to be_two_factor_enabled
- expect(user.otp_backup_codes).not_to be_nil
- expect(user.encrypted_otp_secret).not_to be_nil
+ it 'disables two factor' do
+ expect(user).to receive(:disable_two_factor!)
 delete :destroy
-
- expect(user).not_to be_two_factor_enabled
- expect(user.otp_backup_codes).to be_nil
- expect(user.encrypted_otp_secret).to be_nil
 end
 it 'redirects to profile_account_path' do
diff --git a/spec/factories.rb b/spec/factories.rb
index 578a2e4dc6961b5fec91019ee0b6c271530b8fce..05e3211d551ca49f0c2c991ac420448566955d29 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -32,6 +32,7 @@ FactoryGirl.define do
 before(:create) do |user|
 user.two_factor_enabled = true
 user.otp_secret = User.generate_otp_secret(32)
+ user.generate_otp_backup_codes!
 end
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 6d2423ae27af87223900b2360971d4ee21afb01e..16902317f10e89852c7b180a8914ed077ddebc11 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -217,6 +217,24 @@ describe User do
 end
 end
+ describe '#disable_two_factor!' do
+ it 'clears all 2FA-related fields' do
+ user = create(:user, :two_factor)
+
+ expect(user).to be_two_factor_enabled
+ expect(user.encrypted_otp_secret).not_to be_nil
+ expect(user.otp_backup_codes).not_to be_nil
+
+ user.disable_two_factor!
+
+ expect(user).not_to be_two_factor_enabled
+ expect(user.encrypted_otp_secret).to be_nil
+ expect(user.encrypted_otp_secret_iv).to be_nil
+ expect(user.encrypted_otp_secret_salt).to be_nil
+ expect(user.otp_backup_codes).to be_nil
+ end
+ end
+
 describe 'projects' do
 before do
 @user = create :user
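Review bot: The rewritten `it 'disables two factor'` only sets a message expectation on the `let(:user)` object, so it relies on `current_user` inside the controller being that same Ruby instance; if the sign-in helper (outside the hunk) deserializes a fresh record from the session, the expectation never fires and the spec fails for a reason unrelated to the feature. It also no longer checks that the request leaves the user without a second factor, which the model spec now covers only for a direct method call. `expect(user).to receive(:disable_two_factor!).and_call_original` keeps the collaboration check while letting the real method run, so an `expect(user.reload).not_to be_two_factor_enabled` after the `delete :destroy` can stay as the end-to-end assertion. The surrounding `describe` blocks start and end outside the hunk.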
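Review bot: The post-call expectations in the new `#disable_two_factor!` example read the in-memory attributes, which `update_attributes` assigns before it validates and saves, so they would still pass if the save were rejected and the database still held the secret and backup codes. Add `user.reload` between `user.disable_two_factor!` and the first `expect(user).not_to be_two_factor_enabled` so the spec proves the columns were actually cleared. The enclosing `describe User do` starts outside the hunk.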