From 5d4c2a89e1fab328f651d3ad93b62c34d7222cef Mon Sep 17 00:00:00 2001 From: Jeff Wong Date: Fri, 24 Jan 2025 11:51:12 -0800 Subject: [PATCH] FIX: enforce second factor with subfolders (#30993) fix an improper redirect when enforcing second factor under a subfolder install backport of #30992 --- app/controllers/application_controller.rb | 2 +- spec/requests/application_controller_spec.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e50a212bcac..b82a430ba11 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -893,7 +893,7 @@ class ApplicationController < ActionController::Base redirect_path = path("/u/#{current_user.encoded_username}/preferences/second-factor") if !request.fullpath.start_with?(redirect_path) - redirect_to path(redirect_path) + redirect_to redirect_path nil end end diff --git a/spec/requests/application_controller_spec.rb b/spec/requests/application_controller_spec.rb index f0ee085ae21..57b40eab525 100644 --- a/spec/requests/application_controller_spec.rb +++ b/spec/requests/application_controller_spec.rb @@ -142,6 +142,15 @@ RSpec.describe ApplicationController do expect(response).to redirect_to("/u/#{admin.username}/preferences/second-factor") end + it "should properly redirect admins when enforce_second_factor is 'all' in subfolder" do + set_subfolder "/forum" + SiteSetting.enforce_second_factor = "all" + sign_in(admin) + + get "/" + expect(response).to redirect_to("/forum/u/#{admin.username}/preferences/second-factor") + end + it "should redirect users when enforce_second_factor is 'all'" do SiteSetting.enforce_second_factor = "all" sign_in(user)