diff options
| -rw-r--r-- | app/controllers/account_controller.rb | 1 | ||||
| -rw-r--r-- | test/integration/twofa_test.rb | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index ad5832dad..c6d13d417 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -25,6 +25,7 @@ class AccountController < ApplicationController # prevents login action to be filtered by check_if_login_required application scope filter skip_before_action :check_if_login_required, :check_password_change + skip_before_action :check_twofa_activation, :only => :logout # Overrides ApplicationController#verify_authenticity_token to disable # token verification on openid callbacks diff --git a/test/integration/twofa_test.rb b/test/integration/twofa_test.rb index 36412a7c2..a787e2770 100644 --- a/test/integration/twofa_test.rb +++ b/test/integration/twofa_test.rb @@ -43,6 +43,19 @@ class TwofaTest < Redmine::IntegrationTest end end + test 'should allow logout even if twofa setup is required' do + with_settings twofa: '2' do + log_user('jsmith', 'jsmith') + follow_redirect! + assert_redirected_to '/my/twofa/totp/activate/confirm' + follow_redirect! + post '/logout' + assert_redirected_to '/' + follow_redirect! + assert_response :success + end + end + test "should generate and accept backup codes" do log_user('jsmith', 'jsmith') get "/my/account" |