test_for_35417.patch

Marius BALTEANU, 2021-07-27 23:15

Download (1.18 KB)

View differences:

test/integration/twofa_test.rb
193 193
      assert_response :success
194 194
    end
195 195
  end
196

  
197
  def test_enable_twofa_should_destroy_tokens
198
    recovery_token = Token.create!(:user_id => 2, :action => 'recovery')
199
    autologin_token = Token.create!(:user_id => 2, :action => 'autologin')
200

  
201
    with_settings twofa: "2" do
202
      log_user('jsmith', 'jsmith')
203
      follow_redirect!
204
      assert_redirected_to "/my/twofa/totp/activate/confirm"
205
      follow_redirect!
206

  
207
      assert key = User.find_by_login('jsmith').twofa_totp_key
208
      assert key.present?
209
      totp = ROTP::TOTP.new key
210

  
211
      post "/my/twofa/totp/activate", params: {twofa_code: '123456789'}
212
      assert_redirected_to "/my/twofa/totp/activate/confirm"
213
      follow_redirect!
214

  
215
      post "/my/twofa/totp/activate", params: {twofa_code: totp.now}
216
      assert_redirected_to "/my/account"
217
    end
218

  
219
    assert_nil Token.find_by_id(recovery_token.id)
220
    assert_nil Token.find_by_id(autologin_token.id)
221
  end
196 222
end