forked from treehouse/mastodon
Catch error when server decryption fails on 2FA (#2512)
parent
1736badf28
commit
b48f2cbc8b
|
@ -51,6 +51,8 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
def valid_otp_attempt?(user)
|
def valid_otp_attempt?(user)
|
||||||
user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
|
user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
|
||||||
user.invalidate_otp_backup_code!(user_params[:otp_attempt])
|
user.invalidate_otp_backup_code!(user_params[:otp_attempt])
|
||||||
|
rescue OpenSSL::Cipher::CipherError => error
|
||||||
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticate_with_two_factor
|
def authenticate_with_two_factor
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
|
|
||||||
RSpec.describe Auth::SessionsController, type: :controller do
|
RSpec.describe Auth::SessionsController, type: :controller do
|
||||||
|
@ -90,6 +92,21 @@ RSpec.describe Auth::SessionsController, type: :controller do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when the server has an decryption error' do
|
||||||
|
before do
|
||||||
|
allow_any_instance_of(User).to receive(:validate_and_consume_otp!).and_raise(OpenSSL::Cipher::CipherError)
|
||||||
|
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'shows a login error' do
|
||||||
|
expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesn't log the user in" do
|
||||||
|
expect(controller.current_user).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'using a valid recovery code' do
|
context 'using a valid recovery code' do
|
||||||
before do
|
before do
|
||||||
post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { otp_user_id: user.id }
|
post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { otp_user_id: user.id }
|
||||||
|
|
Loading…
Reference in New Issue