
Users without two-factor authentication enabled cannot sign out when two-factor authentication is required (#35087).

Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@20949 e93f8b46-1217-0410-a6f0-8f06a7374b81
tags/5.0.0
Go MAEDA 2 years ago
parent
commit
f9e937f85a
2 changed files with 14 additions and 0 deletions
  1. 1
    0
      app/controllers/account_controller.rb
  2. 13
    0
      test/integration/twofa_test.rb

+ 1
- 0
app/controllers/account_controller.rb View File

@@ -25,6 +25,7 @@ class AccountController < ApplicationController

# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_action :check_if_login_required, :check_password_change
skip_before_action :check_twofa_activation, :only => :logout

# Overrides ApplicationController#verify_authenticity_token to disable
# token verification on openid callbacks
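Review bot: The added `skip_before_action :check_twofa_activation, :only => :logout` has no comment of its own, and the comment above it only explains the `check_if_login_required` skip. Because this line carves an exception out of a security enforcement filter, I would put `# logout must stay reachable while 2FA activation is enforced, otherwise the user cannot end the session` directly above it. The `:only => :logout` scoping is what keeps every other action of this controller subject to the filter, so the comment should also say that the list is deliberately limited to logout. The class body continues outside the hunk, so whether any other action needs the same treatment cannot be judged from these lines.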

+ 13
- 0
test/integration/twofa_test.rb View File

@@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest
end
end

test 'should allow logout even if twofa setup is required' do
with_settings twofa: '2' do
log_user('jsmith', 'jsmith')
follow_redirect!
assert_redirected_to '/my/twofa/totp/activate/confirm'
follow_redirect!
post '/logout'
assert_redirected_to '/'
follow_redirect!
assert_response :success
end
end

test "should generate and accept backup codes" do
log_user('jsmith', 'jsmith')
get "/my/account"
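Review bot: The new test 'should allow logout even if twofa setup is required' ends at `assert_response :success` on '/', which shows only indirectly that `post '/logout'` ended the session. That presumably works because a signed-in user would be bounced to the activation URL again. I would make the security property explicit by appending `get '/my/account'` and `assert_redirected_to %r{/login}` (assuming anonymous requests are sent to the login page), so the test fails if the user is still signed in after logout. Only the POST path is exercised; if the logout action also answers GET, which is not visible here, that path should be covered as well. The following test, "should generate and accept backup codes", begins inside the hunk and continues outside it.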
