Commit d93da8be authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'rs-disable-2fa' into 'master'

Add User#disable_two_factor!

This method encapsulates all the logic for disabling 2FA on a specific
User model.

See merge request !961
parents 10d5da78 22724418
...@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end end
def destroy def destroy
current_user.update_attributes({ current_user.disable_two_factor!
two_factor_enabled: false,
encrypted_otp_secret: nil,
encrypted_otp_secret_iv: nil,
encrypted_otp_secret_salt: nil,
otp_backup_codes: nil
})
redirect_to profile_account_path redirect_to profile_account_path
end end
......
...@@ -322,6 +322,16 @@ class User < ActiveRecord::Base ...@@ -322,6 +322,16 @@ class User < ActiveRecord::Base
@reset_token @reset_token
end end
def disable_two_factor!
update_attributes(
two_factor_enabled: false,
encrypted_otp_secret: nil,
encrypted_otp_secret_iv: nil,
encrypted_otp_secret_salt: nil,
otp_backup_codes: nil
)
end
def namespace_uniq def namespace_uniq
namespace_name = self.username namespace_name = self.username
existing_namespace = Namespace.by_path(namespace_name) existing_namespace = Namespace.by_path(namespace_name)
......
...@@ -106,18 +106,11 @@ describe Profiles::TwoFactorAuthsController do ...@@ -106,18 +106,11 @@ describe Profiles::TwoFactorAuthsController do
describe 'DELETE destroy' do describe 'DELETE destroy' do
let(:user) { create(:user, :two_factor) } let(:user) { create(:user, :two_factor) }
let!(:codes) { user.generate_otp_backup_codes! }
it 'clears all 2FA-related fields' do it 'disables two factor' do
expect(user).to be_two_factor_enabled expect(user).to receive(:disable_two_factor!)
expect(user.otp_backup_codes).not_to be_nil
expect(user.encrypted_otp_secret).not_to be_nil
delete :destroy delete :destroy
expect(user).not_to be_two_factor_enabled
expect(user.otp_backup_codes).to be_nil
expect(user.encrypted_otp_secret).to be_nil
end end
it 'redirects to profile_account_path' do it 'redirects to profile_account_path' do
......
...@@ -32,6 +32,7 @@ FactoryGirl.define do ...@@ -32,6 +32,7 @@ FactoryGirl.define do
before(:create) do |user| before(:create) do |user|
user.two_factor_enabled = true user.two_factor_enabled = true
user.otp_secret = User.generate_otp_secret(32) user.otp_secret = User.generate_otp_secret(32)
user.generate_otp_backup_codes!
end end
end end
......
...@@ -217,6 +217,24 @@ describe User do ...@@ -217,6 +217,24 @@ describe User do
end end
end end
describe '#disable_two_factor!' do
it 'clears all 2FA-related fields' do
user = create(:user, :two_factor)
expect(user).to be_two_factor_enabled
expect(user.encrypted_otp_secret).not_to be_nil
expect(user.otp_backup_codes).not_to be_nil
user.disable_two_factor!
expect(user).not_to be_two_factor_enabled
expect(user.encrypted_otp_secret).to be_nil
expect(user.encrypted_otp_secret_iv).to be_nil
expect(user.encrypted_otp_secret_salt).to be_nil
expect(user.otp_backup_codes).to be_nil
end
end
describe 'projects' do describe 'projects' do
before do before do
@user = create :user @user = create :user
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment