FIX: Confirm new email with backup codes enabled

This is a fix for this bug: https://meta.discourse.org/t/-/133185?u=blake where rails would throw a missing template error when trying to confirm a new email address when you had two factor backup codes enabled. Apparently this feature broke during this commit: 68d35b14f4 when a partial that contained a lot of javascript was removed most likely because it didn't comply with our Content Security Policy, so as a fix I rewrote the previous js functionality without using any javascript and then added a spec to verify that the correct backup code form is displayed when that page is loaded.
2025-02-25 18:55:32 -06:00 · 2019-11-14 16:19:23 -07:00
parent ff355ad204
commit 3b16eb7abb
2 changed files with 29 additions and 14 deletions
--- a/spec/requests/users_email_controller_spec.rb
+++ b/spec/requests/users_email_controller_spec.rb
@@ -74,6 +74,7 @@ describe UsersEmailController do

      context 'second factor required' do
        fab!(:second_factor) { Fabricate(:user_second_factor_totp, user: user) }
+        fab!(:backup_code) { Fabricate(:user_second_factor_backup, user: user) }

        it 'requires a second factor token' do
          get "/u/authorize-email/#{user.email_tokens.last.token}"
@@ -86,6 +87,16 @@ describe UsersEmailController do
          expect(response_body).not_to include(I18n.t("login.invalid_second_factor_code"))
        end

+        it 'requires a backup token' do
+          get "/u/authorize-email/#{user.email_tokens.last.token}?show_backup=true"
+
+          expect(response.status).to eq(200)
+
+          response_body = response.body
+
+          expect(response_body).to include(I18n.t("login.second_factor_backup_title"))
+        end
+
        it 'adds an error on a second factor attempt' do
          get "/u/authorize-email/#{user.email_tokens.last.token}", params: {
            second_factor_token: "000000",