Defect #35087 » 35087.patch
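--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -25,6 +25,7 @@
 
 # prevents login action to be filtered by check_if_login_required application scope filter
 skip_before_action :check_if_login_required, :check_password_change
+skip_before_action :check_twofa_activation, :only => :logout
 
 # Overrides ApplicationController#verify_authenticity_token to disable
 # token verification on openid callbacks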
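Review bot: The added `skip_before_action :check_twofa_activation, :only => :logout` has no comment explaining why logout is exempt from the 2FA setup gate, and the existing comment above the previous line only mentions the login action. I would put `# logout must stay reachable while 2FA activation is pending, so the user can always end the session` directly above it. The `:only => :logout` scoping is the security-relevant part, since the filter presumably enforces mandatory 2FA enrolment. Saying so in the comment makes it less likely that a later edit widens the exemption to other actions without review.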
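--- a/test/integration/twofa_test.rb
+++ b/test/integration/twofa_test.rb
@@ -43,6 +43,19 @@
 end
 end
 
+test 'should allow logout even if twofa setup is required' do
+with_settings twofa: '2' do
+log_user('jsmith', 'jsmith')
+follow_redirect!
+assert_redirected_to '/my/twofa/totp/activate/confirm'
+follow_redirect!
+post '/logout'
+assert_redirected_to '/'
+follow_redirect!
+assert_response :success
+end
+end
+
 test "should generate and accept backup codes" do
 log_user('jsmith', 'jsmith')
 get "/my/account"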
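Review bot: The new test only proves that `post '/logout'` gets through; it never asserts that a non-exempt page is still blocked while 2FA setup is pending, so it would keep passing if the filter skip were later widened beyond logout. Before the `post '/logout'` line I would add `get '/my/account'` followed by `assert_response :redirect`, with the exact redirect target confirmed against the activation flow. The closing `assert_response :success` on `/` probably also passes for a user who is still logged in, so an explicit check that the session is gone after logout would make the test stronger.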