From f7dca6a48dc27e0849982f9df24d8a04ab4ca573 Mon Sep 17 00:00:00 2001 From: Marius Balteanu Date: Wed, 28 Jul 2021 17:34:41 +0000 Subject: [PATCH] Merged r21104 to 4.2-stable (#35417). git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@21107 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- test/integration/twofa_test.rb | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb index a787e2770..03ab6b2fc 100644 --- a/test/integration/twofa_test.rb +++ b/test/integration/twofa_test.rb @@ -167,4 +167,30 @@ class TwofaTest < Redmine::IntegrationTest assert_response :success end end + + def test_enable_twofa_should_destroy_tokens + recovery_token = Token.create!(:user_id => 2, :action => 'recovery') + autologin_token = Token.create!(:user_id => 2, :action => 'autologin') + + with_settings twofa: "2" do + log_user('jsmith', 'jsmith') + follow_redirect! + assert_redirected_to "/my/twofa/totp/activate/confirm" + follow_redirect! + + assert key = User.find_by_login('jsmith').twofa_totp_key + assert key.present? + totp = ROTP::TOTP.new key + + post "/my/twofa/totp/activate", params: {twofa_code: '123456789'} + assert_redirected_to "/my/twofa/totp/activate/confirm" + follow_redirect! + + post "/my/twofa/totp/activate", params: {twofa_code: totp.now} + assert_redirected_to "/my/account" + end + + assert_nil Token.find_by_id(recovery_token.id) + assert_nil Token.find_by_id(autologin_token.id) + end end -- 2.39.5