From 77730103c72f814fb412c3dcb42baacc0e13737c Mon Sep 17 00:00:00 2001 From: Go MAEDA Date: Sun, 18 Apr 2021 05:39:29 +0000 Subject: [PATCH] Merged r20949 from trunk to 4.2-stable (#35087). git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@20950 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 1 + test/integration/twofa_test.rb | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index ad5832dad..c6d13d417 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -25,6 +25,7 @@ class AccountController < ApplicationController # prevents login action to be filtered by check_if_login_required application scope filter skip_before_action :check_if_login_required, :check_password_change + skip_before_action :check_twofa_activation, :only => :logout # Overrides ApplicationController#verify_authenticity_token to disable # token verification on openid callbacks diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb index 36412a7c2..a787e2770 100644 --- a/test/integration/twofa_test.rb +++ b/test/integration/twofa_test.rb @@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest end end + test 'should allow logout even if twofa setup is required' do + with_settings twofa: '2' do + log_user('jsmith', 'jsmith') + follow_redirect! + assert_redirected_to '/my/twofa/totp/activate/confirm' + follow_redirect! + post '/logout' + assert_redirected_to '/' + follow_redirect! + assert_response :success + end + end + test "should generate and accept backup codes" do log_user('jsmith', 'jsmith') get "/my/account" -- 2.39.5