Commit 1645cec1 authored by James Lopez's avatar James Lopez

Merge branch '61441' into 'master'

#61441 Allow user to set email ID before setting up 2FA

See merge request gitlab-org/gitlab-ce!28097
parents 6d495d65 fa3aa0c5
...@@ -16,7 +16,7 @@ module EnforcesTwoFactorAuthentication ...@@ -16,7 +16,7 @@ module EnforcesTwoFactorAuthentication
end end
def check_two_factor_requirement def check_two_factor_requirement
if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor? if two_factor_authentication_required? && current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? && !skip_two_factor?
redirect_to profile_two_factor_auth_path redirect_to profile_two_factor_auth_path
end end
end end
......
---
title: Allow user to set primary email first when 2FA is required
merge_request: 28097
author: Kartikey Tanna
type: fixed
...@@ -206,8 +206,19 @@ describe ApplicationController do ...@@ -206,8 +206,19 @@ describe ApplicationController do
describe '#check_two_factor_requirement' do describe '#check_two_factor_requirement' do
subject { controller.send :check_two_factor_requirement } subject { controller.send :check_two_factor_requirement }
it 'does not redirect if user has temporary oauth email' do
oauth_user = create(:user, email: 'temp-email-for-oauth@email.com')
allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).and_return(oauth_user)
expect(controller).not_to receive(:redirect_to)
subject
end
it 'does not redirect if 2FA is not required' do it 'does not redirect if 2FA is not required' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(false) allow(controller).to receive(:two_factor_authentication_required?).and_return(false)
expect(controller).not_to receive(:redirect_to) expect(controller).not_to receive(:redirect_to)
subject subject
...@@ -216,6 +227,7 @@ describe ApplicationController do ...@@ -216,6 +227,7 @@ describe ApplicationController do
it 'does not redirect if user is not logged in' do it 'does not redirect if user is not logged in' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).and_return(nil) allow(controller).to receive(:current_user).and_return(nil)
expect(controller).not_to receive(:redirect_to) expect(controller).not_to receive(:redirect_to)
subject subject
...@@ -223,8 +235,9 @@ describe ApplicationController do ...@@ -223,8 +235,9 @@ describe ApplicationController do
it 'does not redirect if user has 2FA enabled' do it 'does not redirect if user has 2FA enabled' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).twice.and_return(user) allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(true) allow(user).to receive(:two_factor_enabled?).and_return(true)
expect(controller).not_to receive(:redirect_to) expect(controller).not_to receive(:redirect_to)
subject subject
...@@ -232,9 +245,10 @@ describe ApplicationController do ...@@ -232,9 +245,10 @@ describe ApplicationController do
it 'does not redirect if 2FA setup can be skipped' do it 'does not redirect if 2FA setup can be skipped' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).twice.and_return(user) allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(false) allow(user).to receive(:two_factor_enabled?).and_return(false)
allow(controller).to receive(:skip_two_factor?).and_return(true) allow(controller).to receive(:skip_two_factor?).and_return(true)
expect(controller).not_to receive(:redirect_to) expect(controller).not_to receive(:redirect_to)
subject subject
...@@ -242,10 +256,11 @@ describe ApplicationController do ...@@ -242,10 +256,11 @@ describe ApplicationController do
it 'redirects to 2FA setup otherwise' do it 'redirects to 2FA setup otherwise' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).twice.and_return(user) allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(false) allow(user).to receive(:two_factor_enabled?).and_return(false)
allow(controller).to receive(:skip_two_factor?).and_return(false) allow(controller).to receive(:skip_two_factor?).and_return(false)
allow(controller).to receive(:profile_two_factor_auth_path) allow(controller).to receive(:profile_two_factor_auth_path)
expect(controller).to receive(:redirect_to) expect(controller).to receive(:redirect_to)
subject subject
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment