From: Go MAEDA Date: Wed, 23 Dec 2020 03:47:45 +0000 (+0000) Subject: Users API should return twofa_scheme only for administrators (#34242). X-Git-Tag: 4.2.0~137 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=988a36babc2b203d7a8de40eef390962f8a11313;p=redmine.git Users API should return twofa_scheme only for administrators (#34242). git-svn-id: http://svn.redmine.org/redmine/trunk@20687 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb index 5fe3d5b1c..a19a8c637 100644 --- a/app/views/users/show.api.rsb +++ b/app/views/users/show.api.rsb @@ -9,7 +9,7 @@ api.user do api.updated_on @user.updated_on api.last_login_on @user.last_login_on api.passwd_changed_on @user.passwd_changed_on - api.twofa_scheme @user.twofa_scheme + api.twofa_scheme @user.twofa_scheme if User.current.admin? || (User.current == @user) api.api_key @user.api_key if User.current.admin? || (User.current == @user) api.status @user.status if User.current.admin? diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb index b79791a7c..d54701ad5 100644 --- a/test/integration/api_test/users_test.rb +++ b/test/integration/api_test/users_test.rb @@ -84,7 +84,6 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base assert_select 'user id', :text => '2' assert_select 'user updated_on', :text => Time.zone.parse('2006-07-19T20:42:15Z').iso8601 assert_select 'user passwd_changed_on', :text => '' - assert_select 'user twofa_scheme', :text => '' end test "GET /users/:id.json should return the user" do @@ -174,6 +173,20 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base assert_select 'user admin', 0 end + test "GET /users/:id should not return twofa_scheme for standard user" do + User.find(2).update(twofa_scheme: 'totp') + get '/users/3.xml', :headers => credentials('jsmith') + assert_response :success + assert_select 'twofa_scheme', 0 + end + + test "GET /users/:id should return twofa_scheme for administrators" do + User.find(2).update(twofa_scheme: 'totp') + get '/users/2.xml', :headers => credentials('admin') + assert_response :success + assert_select 'twofa_scheme', :text => 'totp' + end + test "POST /users.xml with valid parameters should create the user" do assert_difference('User.count') do post(