Merge branch 'rs-disable-2fa' into 'master'

Add User#disable_two_factor! This method encapsulates all the logic for disabling 2FA on a specific User model. See merge request !961

Merge branch 'rs-disable-2fa' into 'master'
Add User#disable_two_factor! This method encapsulates all the logic for disabling 2FA on a specific User model. See merge request !961
d93da8be · Dmitriy Zaporozhets · 10d5da78 · 22724418 · d93da8be · d93da8be
Commit d93da8be authored Jul 13, 2015 by Dmitriy Zaporozhets
5 changed files
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  end

  def destroy
-    current_user.update_attributes({
-      two_factor_enabled:        false,
-      encrypted_otp_secret:      nil,
-      encrypted_otp_secret_iv:   nil,
-      encrypted_otp_secret_salt: nil,
-      otp_backup_codes:          nil
-    })
+    current_user.disable_two_factor!

    redirect_to profile_account_path
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -322,6 +322,16 @@ class User < ActiveRecord::Base
    @reset_token
  end

+  def disable_two_factor!
+    update_attributes(
+      two_factor_enabled:        false,
+      encrypted_otp_secret:      nil,
+      encrypted_otp_secret_iv:   nil,
+      encrypted_otp_secret_salt: nil,
+      otp_backup_codes:          nil
+    )
+  end
+
  def namespace_uniq
    namespace_name = self.username
    existing_namespace = Namespace.by_path(namespace_name)

--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -105,19 +105,12 @@ describe Profiles::TwoFactorAuthsController do
  end

  describe 'DELETE destroy' do
-    let(:user)   { create(:user, :two_factor) }
-    let!(:codes) { user.generate_otp_backup_codes! }
+    let(:user) { create(:user, :two_factor) }

-    it 'clears all 2FA-related fields' do
-      expect(user).to be_two_factor_enabled
-      expect(user.otp_backup_codes).not_to be_nil
-      expect(user.encrypted_otp_secret).not_to be_nil
+    it 'disables two factor' do
+      expect(user).to receive(:disable_two_factor!)

      delete :destroy
-
-      expect(user).not_to be_two_factor_enabled
-      expect(user.otp_backup_codes).to be_nil
-      expect(user.encrypted_otp_secret).to be_nil
    end

    it 'redirects to profile_account_path' do

--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -32,6 +32,7 @@ FactoryGirl.define do
      before(:create) do |user|
        user.two_factor_enabled = true
        user.otp_secret = User.generate_otp_secret(32)
+        user.generate_otp_backup_codes!
      end
    end


--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -217,6 +217,24 @@ describe User do
    end
  end

+  describe '#disable_two_factor!' do
+    it 'clears all 2FA-related fields' do
+      user = create(:user, :two_factor)
+
+      expect(user).to be_two_factor_enabled
+      expect(user.encrypted_otp_secret).not_to be_nil
+      expect(user.otp_backup_codes).not_to be_nil
+
+      user.disable_two_factor!
+
+      expect(user).not_to be_two_factor_enabled
+      expect(user.encrypted_otp_secret).to be_nil
+      expect(user.encrypted_otp_secret_iv).to be_nil
+      expect(user.encrypted_otp_secret_salt).to be_nil
+      expect(user.otp_backup_codes).to be_nil
+    end
+  end
+
  describe 'projects' do
    before do
      @user = create :user