Commit 1cd37602 authored by manojmj's avatar manojmj

Allow users with expired passswords to sign out

This change allows users with expired passwords
to sign out
parent 0413042e
......@@ -10,6 +10,8 @@ class SessionsController < Devise::SessionsController
include KnownSignIn
skip_before_action :check_two_factor_requirement, only: [:destroy]
skip_before_action :check_password_expiration, only: [:destroy]
# replaced with :require_no_authentication_without_flash
skip_before_action :require_no_authentication, only: [:new, :create]
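Review bot: The `skip_before_action :check_password_expiration, only: [:destroy]` line (presumably the addition, given the commit title) carries no comment saying why the expiration check is bypassed, while the neighbouring `require_no_authentication` skip does; add `# an expired password must not trap the user in a session they cannot end` above it. The `only: [:destroy]` scoping is the important part, since it keeps :new and :create under the check, and a comment makes that boundary deliberate rather than incidental. Because the line duplicates the shape of the `check_two_factor_requirement` skip directly above it, the two could also be folded into one call: `skip_before_action :check_two_factor_requirement, :check_password_expiration, only: [:destroy]`. The SessionsController class begins and ends outside this hunk, so where `check_password_expiration` is defined cannot be confirmed from here.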
---
title: Allow users with expired passwords to sign out
merge_request: 40830
author:
type: fixed
......@@ -6,11 +6,11 @@ RSpec.describe SessionsController do
include DeviseHelpers
include LdapHelpers
describe '#new' do
before do
set_devise_mapping(context: @request)
end
describe '#new' do
context 'when auto sign-in is enabled' do
before do
stub_omniauth_setting(auto_sign_in_with_provider: :saml)
......@@ -59,13 +59,19 @@ RSpec.describe SessionsController do
end
end
end
end
describe '#create' do
before do
set_devise_mapping(context: @request)
it "redirects correctly for referer on same host with params" do
host = "test.host"
search_path = "/search?search=seed_project"
request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
get(:new, params: { redirect_to_referer: :yes })
expect(controller.stored_location_for(:redirect)).to eq(search_path)
end
end
describe '#create' do
it_behaves_like 'known sign in' do
let(:user) { create(:user) }
let(:post_action) { post(:create, params: { user: { login: user.username, password: user.password } }) }
......@@ -439,25 +445,8 @@ RSpec.describe SessionsController do
end
end
describe "#new" do
before do
set_devise_mapping(context: @request)
end
it "redirects correctly for referer on same host with params" do
host = "test.host"
search_path = "/search?search=seed_project"
request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
get(:new, params: { redirect_to_referer: :yes })
expect(controller.stored_location_for(:redirect)).to eq(search_path)
end
end
context 'when login fails' do
before do
set_devise_mapping(context: @request)
@request.env["warden.options"] = { action: 'unauthenticated' }
end
......@@ -471,10 +460,6 @@ RSpec.describe SessionsController do
describe '#set_current_context' do
let_it_be(:user) { create(:user) }
before do
set_devise_mapping(context: @request)
end
context 'when signed in' do
before do
sign_in(user)
......@@ -528,4 +513,21 @@ RSpec.describe SessionsController do
end
end
end
describe '#destroy' do
before do
sign_in(user)
end
context 'for a user whose password has expired' do
let(:user) { create(:user, password_expires_at: 2.days.ago) }
it 'allows to sign out successfully' do
delete :destroy
expect(response).to redirect_to(new_user_session_path)
expect(controller.current_user).to be_nil
end
end
end
end
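Review bot: The new `describe '#destroy'` example in the last hunk (`@@ -528,4 +513,21 @@`) proves that a user with an expired password can sign out, but nothing in the spec pins the bypass to :destroy, so a later widening of the `skip_before_action :check_password_expiration` scope would pass unnoticed. A companion example inside `context 'for a user whose password has expired'` that hits a non-destroy action of this controller and asserts the expiration check still applies (whatever `check_password_expiration` redirects to — that callback is not visible in this commit) would guard the boundary. Separately, the `before do sign_in(user) end` at the top of `describe '#destroy'` references a `let(:user)` that is only defined in the nested context, so any further context added under that describe must define `user` itself or the before hook will raise; moving `let(:user)` up to the describe, or leaving a one-line comment noting the dependency, would make that explicit.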