From 77730103c72f814fb412c3dcb42baacc0e13737c Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Sun, 18 Apr 2021 05:39:29 +0000
Subject: [PATCH] Merged r20949 from trunk to 4.2-stable (#35087).

git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@20950 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb |  1 +
 test/integration/twofa_test.rb        | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index ad5832dad..c6d13d417 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -25,6 +25,7 @@ class AccountController < ApplicationController
 
   # prevents login action to be filtered by check_if_login_required application scope filter
   skip_before_action :check_if_login_required, :check_password_change
+  skip_before_action :check_twofa_activation, :only => :logout
 
   # Overrides ApplicationController#verify_authenticity_token to disable
   # token verification on openid callbacks
diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb
index 36412a7c2..a787e2770 100644
--- a/test/integration/twofa_test.rb
+++ b/test/integration/twofa_test.rb
@@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest
     end
   end
 
+  test 'should allow logout even if twofa setup is required' do
+    with_settings twofa: '2' do
+      log_user('jsmith', 'jsmith')
+      follow_redirect!
+      assert_redirected_to '/my/twofa/totp/activate/confirm'
+      follow_redirect!
+      post '/logout'
+      assert_redirected_to '/'
+      follow_redirect!
+      assert_response :success
+    end
+  end
+
   test "should generate and accept backup codes" do
     log_user('jsmith', 'jsmith')
     get "/my/account"
-- 
2.39.5