From f7dca6a48dc27e0849982f9df24d8a04ab4ca573 Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Wed, 28 Jul 2021 17:34:41 +0000
Subject: [PATCH] Merged r21104 to 4.2-stable (#35417).

git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@21107 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/integration/twofa_test.rb | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb
index a787e2770..03ab6b2fc 100644
--- a/test/integration/twofa_test.rb
+++ b/test/integration/twofa_test.rb
@@ -167,4 +167,30 @@ class TwofaTest < Redmine::IntegrationTest
       assert_response :success
     end
   end
+
+  def test_enable_twofa_should_destroy_tokens
+    recovery_token = Token.create!(:user_id => 2, :action => 'recovery')
+    autologin_token = Token.create!(:user_id => 2, :action => 'autologin')
+
+    with_settings twofa: "2" do
+      log_user('jsmith', 'jsmith')
+      follow_redirect!
+      assert_redirected_to "/my/twofa/totp/activate/confirm"
+      follow_redirect!
+
+      assert key = User.find_by_login('jsmith').twofa_totp_key
+      assert key.present?
+      totp = ROTP::TOTP.new key
+
+      post "/my/twofa/totp/activate", params: {twofa_code: '123456789'}
+      assert_redirected_to "/my/twofa/totp/activate/confirm"
+      follow_redirect!
+
+      post "/my/twofa/totp/activate", params: {twofa_code: totp.now}
+      assert_redirected_to "/my/account"
+    end
+
+    assert_nil Token.find_by_id(recovery_token.id)
+    assert_nil Token.find_by_id(autologin_token.id)
+  end
 end
-- 
2.39.5