nexedi / gitlab-ce
Commit b050bb5b authored May 09, 2015 by Robert Speicher
Fix 2FA backup code removal
parent 0c113c8d
Showing 2 changed files with 8 additions and 7 deletions
app/models/user.rb (+3 -0)
spec/features/login_spec.rb (+5 -7)
app/models/user.rb
...
...
@@ -80,7 +80,10 @@ class User < ActiveRecord::Base
devise
:two_factor_authenticatable
,
otp_secret_encryption_key:
File
.
read
(
Rails
.
root
.
join
(
'.secret'
)).
chomp
devise
:two_factor_backupable
serialize
:otp_backup_codes
,
JSON
devise
:lockable
,
:async
,
:recoverable
,
:rememberable
,
:trackable
,
:validatable
,
:omniauthable
,
:confirmable
,
:registerable
...
...
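Review bot: `serialize :otp_backup_codes, JSON` changes how the column is read as well as how it is written, so any user row that already holds backup codes in another format may fail to deserialize once this ships; please confirm no such rows exist, or add a migration that rewrites or clears them. A one-line comment above the `serialize` call saying why it is needed for backup code removal to persist would also help, since nothing in this model explains it.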
spec/features/login_spec.rb
...
...
@@ -47,7 +47,7 @@ feature 'Login' do
before
do
expect
(
codes
.
size
).
to
eq
5
#
Because `generate_otp_backup_codes!` doesn't actually do this...
#
Ensure the generated codes get saved
user
.
save
end
...
...
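Review bot: The `user.save` in the `before` block discards its return value, so if validation fails the generated codes are silently not stored and the examples below run against a user with no backup codes. Use `user.save!` here so a failed setup raises instead of surfacing later as a confusing assertion failure. The `expect(codes.size).to eq 5` in the same block is an assertion living in setup; it would read better as its own example.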
@@ -58,20 +58,18 @@ feature 'Login' do
end
it
'invalidates the used code'
do
# FIXME (rspeicher): Broken library is broken
expect
{
enter_code
(
codes
.
sample
)
}.
to
change
{
user
.
otp_backup_codes
.
size
}.
by
(
-
1
)
expect
{
enter_code
(
codes
.
sample
)
}.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
end
end
context
'with invalid code'
do
it
'blocks login'
do
# FIXME (rspeicher): Broken library is broken
code
=
codes
.
sample
expect
(
user
.
invalidate_otp_backup_code!
(
code
)).
to
eq
true
expect
(
user
.
otp_backup_codes
.
size
).
to
eq
4
# Passes
user
.
save!
user
.
reload
expect
(
user
.
otp_backup_codes
.
size
).
to
eq
4
# Fails... WAT?!
expect
(
user
.
reload
.
otp_backup_codes
.
size
).
to
eq
4
enter_code
(
code
)
expect
(
page
).
to
have_content
(
'Invalid two-factor code'
)
...
...
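Review bot: In 'blocks login', `expect(user.reload.otp_backup_codes.size).to eq 4` hard-codes a count that is only right because the `before` block expects 5 generated codes; write it as `codes.size - 1` so the two cannot drift apart. In 'invalidates the used code', the `change { ... }.by(-1)` check on the reloaded size would still pass if a code other than the one entered had been removed, so the example name promises more than it verifies. Since `user.invalidate_otp_backup_code!(code)` is called directly in 'blocks login', the context name 'with invalid code' could also say that it covers an already-used code.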