Commit b050bb5b authored by Robert Speicher's avatar Robert Speicher

Fix 2FA backup code removal

parent 0c113c8d
...@@ -80,7 +80,10 @@ class User < ActiveRecord::Base ...@@ -80,7 +80,10 @@ class User < ActiveRecord::Base
devise :two_factor_authenticatable, devise :two_factor_authenticatable,
otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
devise :two_factor_backupable devise :two_factor_backupable
serialize :otp_backup_codes, JSON
devise :lockable, :async, :recoverable, :rememberable, :trackable, devise :lockable, :async, :recoverable, :rememberable, :trackable,
:validatable, :omniauthable, :confirmable, :registerable :validatable, :omniauthable, :confirmable, :registerable
......
...@@ -47,7 +47,7 @@ feature 'Login' do ...@@ -47,7 +47,7 @@ feature 'Login' do
before do before do
expect(codes.size).to eq 5 expect(codes.size).to eq 5
# Because `generate_otp_backup_codes!` doesn't actually do this... # Ensure the generated codes get saved
user.save user.save
end end
...@@ -58,20 +58,18 @@ feature 'Login' do ...@@ -58,20 +58,18 @@ feature 'Login' do
end end
it 'invalidates the used code' do it 'invalidates the used code' do
# FIXME (rspeicher): Broken library is broken expect { enter_code(codes.sample) }.
expect { enter_code(codes.sample) }.to change { user.otp_backup_codes.size }.by(-1) to change { user.reload.otp_backup_codes.size }.by(-1)
end end
end end
context 'with invalid code' do context 'with invalid code' do
it 'blocks login' do it 'blocks login' do
# FIXME (rspeicher): Broken library is broken
code = codes.sample code = codes.sample
expect(user.invalidate_otp_backup_code!(code)).to eq true expect(user.invalidate_otp_backup_code!(code)).to eq true
expect(user.otp_backup_codes.size).to eq 4 # Passes
user.save! user.save!
user.reload expect(user.reload.otp_backup_codes.size).to eq 4
expect(user.otp_backup_codes.size).to eq 4 # Fails... WAT?!
enter_code(code) enter_code(code)
expect(page).to have_content('Invalid two-factor code') expect(page).to have_content('Invalid two-factor code')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment