mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 18:30:26 -06:00
FIX: Confirm new email with backup codes enabled
This is a fix for this bug:
https://meta.discourse.org/t/-/133185?u=blake
where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.
Apparently this feature broke during this commit:
68d35b14f4
when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
This commit is contained in:
parent
ff355ad204
commit
3b16eb7abb
@ -8,21 +8,26 @@
|
||||
<br>
|
||||
<a class="btn" href="/"><%= t('change_email.please_continue', site_name: SiteSetting.title) %></a>
|
||||
<% elsif @update_result == :invalid_second_factor%>
|
||||
<div id="primary-second-factor-form">
|
||||
<h2><%= t('login.second_factor_title') %></h2>
|
||||
<br>
|
||||
<%=form_tag({}, method: :put) do %>
|
||||
<%= label_tag(:second_factor_token, t('login.second_factor_description')) %>
|
||||
<div><%= render 'common/second_factor_text_field' %></div>
|
||||
<% if @show_invalid_second_factor_error %>
|
||||
<div class='alert alert-error'><%= t('login.invalid_second_factor_code') %></div>
|
||||
<% if !params[:show_backup] || params[:show_backup] == "false" %>
|
||||
<div id="primary-second-factor-form">
|
||||
<h2><%= t('login.second_factor_title') %></h2>
|
||||
<br>
|
||||
<%=form_tag({}, method: :put) do %>
|
||||
<%= label_tag(:second_factor_token, t('login.second_factor_description')) %>
|
||||
<div><%= render 'common/second_factor_text_field' %></div>
|
||||
<% if @show_invalid_second_factor_error %>
|
||||
<div class='alert alert-error'><%= t('login.invalid_second_factor_code') %></div>
|
||||
<% end %>
|
||||
<%= submit_tag t('submit'), class: "btn btn-primary" %>
|
||||
<% end %>
|
||||
<%= submit_tag t('submit'), class: "btn btn-primary" %>
|
||||
</div>
|
||||
<% if @backup_codes_enabled %>
|
||||
<%= link_to t("login.second_factor_toggle.backup_code"), show_backup: "true" %>
|
||||
<% end %>
|
||||
</div>
|
||||
<% end %>
|
||||
|
||||
<%if @backup_codes_enabled %>
|
||||
<div id="backup-second-factor-form" style="display: none">
|
||||
<% if @backup_codes_enabled && params[:show_backup] == "true" %>
|
||||
<div id="backup-second-factor-form" style="">
|
||||
<h2><%= t('login.second_factor_backup_title') %></h2>
|
||||
<br>
|
||||
<%= form_tag({}, method: :put) do%>
|
||||
@ -32,8 +37,7 @@
|
||||
<%end%>
|
||||
|
||||
</div>
|
||||
<a href id="toggle-form"><%=t "login.second_factor_backup" %></a>
|
||||
<%= render 'common/second_factor_form_script' %>
|
||||
<%= link_to t("login.second_factor_toggle.totp"), show_backup: "false" %>
|
||||
<%end%>
|
||||
<% else %>
|
||||
<div class='alert alert-error'>
|
||||
|
@ -74,6 +74,7 @@ describe UsersEmailController do
|
||||
|
||||
context 'second factor required' do
|
||||
fab!(:second_factor) { Fabricate(:user_second_factor_totp, user: user) }
|
||||
fab!(:backup_code) { Fabricate(:user_second_factor_backup, user: user) }
|
||||
|
||||
it 'requires a second factor token' do
|
||||
get "/u/authorize-email/#{user.email_tokens.last.token}"
|
||||
@ -86,6 +87,16 @@ describe UsersEmailController do
|
||||
expect(response_body).not_to include(I18n.t("login.invalid_second_factor_code"))
|
||||
end
|
||||
|
||||
it 'requires a backup token' do
|
||||
get "/u/authorize-email/#{user.email_tokens.last.token}?show_backup=true"
|
||||
|
||||
expect(response.status).to eq(200)
|
||||
|
||||
response_body = response.body
|
||||
|
||||
expect(response_body).to include(I18n.t("login.second_factor_backup_title"))
|
||||
end
|
||||
|
||||
it 'adds an error on a second factor attempt' do
|
||||
get "/u/authorize-email/#{user.email_tokens.last.token}", params: {
|
||||
second_factor_token: "000000",
|
||||
|
Loading…
Reference in New Issue
Block a user