35087.patch

Go MAEDA, 2021-04-14 04:27

Download (1.34 KB)

View differences:

app/controllers/account_controller.rb
25 25

  
26 26
  # prevents login action to be filtered by check_if_login_required application scope filter
27 27
  skip_before_action :check_if_login_required, :check_password_change
28
  skip_before_action :check_twofa_activation, :only => :logout
28 29

  
29 30
  # Overrides ApplicationController#verify_authenticity_token to disable
30 31
  # token verification on openid callbacks
test/integration/twofa_test.rb
43 43
    end
44 44
  end
45 45

  
46
  test 'should allow logout even if twofa setup is required' do
47
    with_settings twofa: '2' do
48
      log_user('jsmith', 'jsmith')
49
      follow_redirect!
50
      assert_redirected_to '/my/twofa/totp/activate/confirm'
51
      follow_redirect!
52
      post '/logout'
53
      assert_redirected_to '/'
54
      follow_redirect!
55
      assert_response :success
56
    end
57
  end
58

  
46 59
  test "should generate and accept backup codes" do
47 60
    log_user('jsmith', 'jsmith')
48 61
    get "/my/account"