FIX: do not lock account if backup codes are available (#18982)

Currently, we have available three 2fa methods: - Token-Based Authenticators - Physical Security Keys - Two-Factor Backup Codes If the first two are deleted, user lose visibility of their backup codes, which suggests that 2fa is disabled. However, when they try to authenticate, the account is locked, and they have to ask admin to fix that problem. This PR is fixing the issue. User still sees backup codes in their panel and can use them to authenticate. In next PR, I will improve UI to clearly notify the user when 2fa is fully disabled and when it is still active.
2025-02-25 18:55:32 -06:00 · 2022-11-11 13:00:06 +11:00
parent 4692f4ee7c
commit 4db5525d25
11 changed files with 70 additions and 13 deletions
--- a/spec/serializers/admin_user_list_serializer_spec.rb
+++ b/spec/serializers/admin_user_list_serializer_spec.rb
@@ -31,6 +31,18 @@ RSpec.describe AdminUserListSerializer do
    end
  end

+  context "when backup codes enabled" do
+    before do
+      Fabricate(:user_second_factor_backup, user: user)
+    end
+
+    it "is true" do
+      json = serializer.as_json
+
+      expect(json[:second_factor_enabled]).to eq(true)
+    end
+  end
+
  describe "emails" do
    fab!(:admin) { Fabricate(:user, admin: true, email: "admin@email.com") }
    fab!(:moderator) { Fabricate(:user, moderator: true, email: "moderator@email.com") }
--- a/spec/serializers/current_user_serializer_spec.rb
+++ b/spec/serializers/current_user_serializer_spec.rb
@@ -102,6 +102,16 @@ RSpec.describe CurrentUserSerializer do
        expect(json[:second_factor_enabled]).to eq(true)
      end
    end
+
+    context "when backup codes enabled" do
+      before do
+        User.any_instance.stubs(:backup_codes_enabled?).returns(true)
+      end
+
+      it "is true" do
+        expect(json[:second_factor_enabled]).to eq(true)
+      end
+    end
  end

  describe "#groups" do
--- a/spec/serializers/user_serializer_spec.rb
+++ b/spec/serializers/user_serializer_spec.rb
@@ -250,6 +250,16 @@ RSpec.describe UserSerializer do
          expect(json[:second_factor_enabled]).to eq(true)
        end
      end
+
+      context "when backup codes enabled" do
+        before do
+          User.any_instance.stubs(:backup_codes_enabled?).returns(true)
+        end
+
+        it "is true" do
+          expect(json[:second_factor_enabled]).to eq(true)
+        end
+      end
    end

    describe "ignored and muted" do