Users without two-factor authentication enabled cannot sign out when two-factor authe...
authorGo MAEDA <maeda@farend.jp>
Fri, 16 Apr 2021 02:27:18 +0000 (02:27 +0000)
committerGo MAEDA <maeda@farend.jp>
Fri, 16 Apr 2021 02:27:18 +0000 (02:27 +0000)
Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@20949 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb
test/integration/twofa_test.rb

index ad5832dadd1a8d343347913824d60bca7666929b..c6d13d4176901aea93e711a3b0f5aba5ed294698 100644 (file)
@@ -25,6 +25,7 @@ class AccountController < ApplicationController
 
   # prevents login action to be filtered by check_if_login_required application scope filter
   skip_before_action :check_if_login_required, :check_password_change
+  skip_before_action :check_twofa_activation, :only => :logout
 
   # Overrides ApplicationController#verify_authenticity_token to disable
   # token verification on openid callbacks
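Review bot: The added `skip_before_action :check_twofa_activation, :only => :logout` has no comment saying why logout is exempt from the two-factor enforcement filter, unlike the skip on the line above it. A comment such as `# logout must stay reachable for users who are required to set up two-factor authentication but have not done so yet` would record the intent. It would also signal that the exemption must stay limited to this one action, since widening the `:only` list would let a session without a second factor reach other account actions. The logout action itself is outside this hunk, so the assumption that it does nothing beyond ending the session should be confirmed there.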
index 36412a7c22174b5ff145e39d9df612d7add7cbc2..a787e2770a6ff51d243888ab69dd02046d45f71a 100644 (file)
@@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest
     end
   end
 
+  test 'should allow logout even if twofa setup is required' do
+    with_settings twofa: '2' do
+      log_user('jsmith', 'jsmith')
+      follow_redirect!
+      assert_redirected_to '/my/twofa/totp/activate/confirm'
+      follow_redirect!
+      post '/logout'
+      assert_redirected_to '/'
+      follow_redirect!
+      assert_response :success
+    end
+  end
+
   test "should generate and accept backup codes" do
     log_user('jsmith', 'jsmith')
     get "/my/account"
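Review bot: The new test shows only indirectly that the session ended, through the final `assert_response :success` on `/`. A reader has to know that a still-logged-in user without a second factor would presumably be redirected to the activation page instead. An explicit check right after `post '/logout'`, for example `assert_nil session[:user_id]`, would pin the security-relevant outcome directly; the session key is not visible in this hunk, so confirm it first. A one-line comment above the test, `# users forced into 2FA setup must still be able to end their session`, would also state the intent. The enclosing TwofaTest class starts outside the hunk and the following test continues past its end.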