FIX: second factor cannot be enabled if SSO is enabled (#10880)

* FIX: second factor cannot be enabled if SSO is enabled If `enable_sso` setting is enabled then admin should not be able to enable `enforce_second_factor` setting as that will lock users out. Co-authored-by: Robin Ward <robin.ward@gmail.com>
2025-02-25 18:55:32 -06:00 · 2020-10-09 22:36:38 +05:30
parent d96b35b0f5
commit 4326827a4e
3 changed files with 16 additions and 0 deletions
--- a/spec/lib/site_settings/validations_spec.rb
+++ b/spec/lib/site_settings/validations_spec.rb
@@ -149,6 +149,18 @@ describe SiteSettings::Validations do
          expect { subject.validate_enforce_second_factor("all") }.to raise_error(Discourse::InvalidParameters, error_message)
        end
      end
+
+      context "when SSO is enabled" do
+        let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_be_enforced_with_sso_enabled") }
+        before do
+          SiteSetting.sso_url = "https://www.example.com/sso"
+          SiteSetting.enable_sso = true
+        end
+
+        it "should raise an error" do
+          expect { subject.validate_enforce_second_factor("t") }.to raise_error(Discourse::InvalidParameters, error_message)
+        end
+      end
    end

    describe "#validate_enable_local_logins" do