Commit b050bb5b authored by Robert Speicher's avatar Robert Speicher

Fix 2FA backup code removal

parent 0c113c8d
......@@ -80,7 +80,10 @@ class User < ActiveRecord::Base
devise :two_factor_authenticatable,
otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
devise :two_factor_backupable
serialize :otp_backup_codes, JSON
devise :lockable, :async, :recoverable, :rememberable, :trackable,
:validatable, :omniauthable, :confirmable, :registerable
......
......@@ -47,7 +47,7 @@ feature 'Login' do
before do
expect(codes.size).to eq 5
# Because `generate_otp_backup_codes!` doesn't actually do this...
# Ensure the generated codes get saved
user.save
end
......@@ -58,20 +58,18 @@ feature 'Login' do
end
it 'invalidates the used code' do
# FIXME (rspeicher): Broken library is broken
expect { enter_code(codes.sample) }.to change { user.otp_backup_codes.size }.by(-1)
expect { enter_code(codes.sample) }.
to change { user.reload.otp_backup_codes.size }.by(-1)
end
end
context 'with invalid code' do
it 'blocks login' do
# FIXME (rspeicher): Broken library is broken
code = codes.sample
expect(user.invalidate_otp_backup_code!(code)).to eq true
expect(user.otp_backup_codes.size).to eq 4 # Passes
user.save!
user.reload
expect(user.otp_backup_codes.size).to eq 4 # Fails... WAT?!
expect(user.reload.otp_backup_codes.size).to eq 4
enter_code(code)
expect(page).to have_content('Invalid two-factor code')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment