Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
5cd526f7
Commit
5cd526f7
authored
May 09, 2015
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Prevent "You are already signed in." error message upon 2FA login
parent
76873ce4
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
3 deletions
+26
-3
app/controllers/sessions_controller.rb
app/controllers/sessions_controller.rb
+8
-2
spec/features/login_spec.rb
spec/features/login_spec.rb
+18
-1
No files found.
app/controllers/sessions_controller.rb
View file @
5cd526f7
class
SessionsController
<
Devise
::
SessionsController
class
SessionsController
<
Devise
::
SessionsController
prepend_before_action
:authenticate_with_two_factor
,
only: :create
prepend_before_action
:authenticate_with_two_factor
,
only:
[
:create
]
# This action comes from DeviseController, but because we call `sign_in`
# manually inside `authenticate_with_two_factor`, not skipping this action
# would cause a "You are already signed in." error message to be shown upon
# successful login.
skip_before_action
:require_no_authentication
,
only:
[
:create
]
def
new
def
new
redirect_path
=
redirect_path
=
...
@@ -61,7 +67,7 @@ class SessionsController < Devise::SessionsController
...
@@ -61,7 +67,7 @@ class SessionsController < Devise::SessionsController
# Remove any lingering user data from login
# Remove any lingering user data from login
session
.
delete
(
:otp_user_id
)
session
.
delete
(
:otp_user_id
)
sign_in
(
user
)
sign_in
(
user
)
and
return
else
else
flash
.
now
[
:alert
]
=
'Invalid two-factor code.'
flash
.
now
[
:alert
]
=
'Invalid two-factor code.'
render
:two_factor
and
return
render
:two_factor
and
return
...
...
spec/features/login_spec.rb
View file @
5cd526f7
...
@@ -15,6 +15,11 @@ feature 'Login' do
...
@@ -15,6 +15,11 @@ feature 'Login' do
click_button
'Verify code'
click_button
'Verify code'
end
end
it
'does not show a "You are already signed in." error message'
do
enter_code
(
user
.
current_otp
)
expect
(
page
).
not_to
have_content
(
'You are already signed in.'
)
end
context
'using one-time code'
do
context
'using one-time code'
do
it
'allows login with valid code'
do
it
'allows login with valid code'
do
enter_code
(
user
.
current_otp
)
enter_code
(
user
.
current_otp
)
...
@@ -66,7 +71,7 @@ feature 'Login' do
...
@@ -66,7 +71,7 @@ feature 'Login' do
expect
(
user
.
reload
.
otp_backup_codes
.
size
).
to
eq
9
expect
(
user
.
reload
.
otp_backup_codes
.
size
).
to
eq
9
enter_code
(
code
)
enter_code
(
code
)
expect
(
page
).
to
have_content
(
'Invalid two-factor code'
)
expect
(
page
).
to
have_content
(
'Invalid two-factor code
.
'
)
end
end
end
end
end
end
...
@@ -80,5 +85,17 @@ feature 'Login' do
...
@@ -80,5 +85,17 @@ feature 'Login' do
login_with
(
user
)
login_with
(
user
)
expect
(
current_path
).
to
eq
root_path
expect
(
current_path
).
to
eq
root_path
end
end
it
'does not show a "You are already signed in." error message'
do
login_with
(
user
)
expect
(
page
).
not_to
have_content
(
'You are already signed in.'
)
end
it
'blocks invalid login'
do
user
=
create
(
:user
,
password:
'not-the-default'
)
login_with
(
user
)
expect
(
page
).
to
have_content
(
'Invalid email or password.'
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment