mirror of
https://github.com/discourse/discourse.git
synced 2024-12-20 14:43:43 +08:00
80ac3275ba
- limits security key deletes to second factor keys - also deletes backup codes (lingering backup codes break login flow entirely) * Add spec for rake task to disable 2FA for a user
41 lines
1.4 KiB
Ruby
41 lines
1.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe "tasks/users" do
|
|
before do
|
|
Rake::Task.clear
|
|
Discourse::Application.load_tasks
|
|
end
|
|
|
|
describe "users:disable_2fa" do
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
it "should remove all 2fa methods for user with given username" do
|
|
Fabricate(:user_second_factor_totp, user: user, name: "TOTP", enabled: true)
|
|
Fabricate(:user_second_factor_totp, user: user, name: "TOTP2", enabled: true)
|
|
Fabricate(
|
|
:user_security_key_with_random_credential,
|
|
user: user,
|
|
name: "YubiKey",
|
|
enabled: true,
|
|
)
|
|
Fabricate(:passkey_with_random_credential, user: user) # This should not be removed
|
|
|
|
backup_codes = user.generate_backup_codes
|
|
|
|
expect(backup_codes.length).to be 10
|
|
expect(user.user_second_factors.backup_codes).to be_present
|
|
expect(user.user_second_factors.totps.count).to eq(2)
|
|
expect(user.second_factor_security_keys.count).to eq(1)
|
|
|
|
stdout = capture_stdout { Rake::Task["users:disable_2fa"].invoke(user.username) }
|
|
user.reload
|
|
|
|
expect(stdout.chomp).to eq("2FA disabled for #{user.username}")
|
|
expect(user.user_second_factors.totps.count).to eq(0)
|
|
expect(user.second_factor_security_keys.count).to eq(0)
|
|
expect(user.user_second_factors.backup_codes.count).to eq(0)
|
|
expect(user.passkey_credential_ids.count).to eq(1)
|
|
end
|
|
end
|
|
end
|