Patch by Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@20949 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.0.0
@@ -25,6 +25,7 @@ class AccountController < ApplicationController | |||
# prevents login action to be filtered by check_if_login_required application scope filter | |||
skip_before_action :check_if_login_required, :check_password_change | |||
skip_before_action :check_twofa_activation, :only => :logout | |||
# Overrides ApplicationController#verify_authenticity_token to disable | |||
# token verification on openid callbacks |
@@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest | |||
end | |||
end | |||
test 'should allow logout even if twofa setup is required' do | |||
with_settings twofa: '2' do | |||
log_user('jsmith', 'jsmith') | |||
follow_redirect! | |||
assert_redirected_to '/my/twofa/totp/activate/confirm' | |||
follow_redirect! | |||
post '/logout' | |||
assert_redirected_to '/' | |||
follow_redirect! | |||
assert_response :success | |||
end | |||
end | |||
test "should generate and accept backup codes" do | |||
log_user('jsmith', 'jsmith') | |||
get "/my/account" |