From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Wed, 28 Jul 2021 15:59:03 +0000 (+0000)
Subject: Adds test for #35417.
X-Git-Tag: 5.0.0~319
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=14e7b1a8e633340ec990b0f44dae625233423e74;p=redmine.git

Adds test for #35417.

git-svn-id: http://svn.redmine.org/redmine/trunk@21104 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb
index a25fa2895..545f2a419 100644
--- a/test/integration/twofa_test.rb
+++ b/test/integration/twofa_test.rb
@@ -193,4 +193,30 @@ class TwofaTest < Redmine::IntegrationTest
       assert_response :success
     end
   end
+
+  def test_enable_twofa_should_destroy_tokens
+    recovery_token = Token.create!(:user_id => 2, :action => 'recovery')
+    autologin_token = Token.create!(:user_id => 2, :action => 'autologin')
+
+    with_settings twofa: "2" do
+      log_user('jsmith', 'jsmith')
+      follow_redirect!
+      assert_redirected_to "/my/twofa/totp/activate/confirm"
+      follow_redirect!
+
+      assert key = User.find_by_login('jsmith').twofa_totp_key
+      assert key.present?
+      totp = ROTP::TOTP.new key
+
+      post "/my/twofa/totp/activate", params: {twofa_code: '123456789'}
+      assert_redirected_to "/my/twofa/totp/activate/confirm"
+      follow_redirect!
+
+      post "/my/twofa/totp/activate", params: {twofa_code: totp.now}
+      assert_redirected_to "/my/account"
+    end
+
+    assert_nil Token.find_by_id(recovery_token.id)
+    assert_nil Token.find_by_id(autologin_token.id)
+  end
 end