diff options
author | James Lopez <james@gitlab.com> | 2019-05-22 07:59:15 +0000 |
---|---|---|
committer | James Lopez <james@gitlab.com> | 2019-05-22 07:59:15 +0000 |
commit | 1645cec1298c7cabefaa8fbc05f0774074a8f521 (patch) | |
tree | d4643f342945ca45f3fe71c1ba34118a9dc88349 | |
parent | 6d495d6589dc874a623a849b85495569fbffd746 (diff) | |
parent | fa3aa0c5a7e8910a658572dce3ad5291e1112db1 (diff) | |
download | gitlab-ce-1645cec1298c7cabefaa8fbc05f0774074a8f521.tar.gz |
Merge branch '61441' into 'master'
#61441 Allow user to set email ID before setting up 2FA
See merge request gitlab-org/gitlab-ce!28097
-rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 2 | ||||
-rw-r--r-- | changelogs/unreleased/61441.yml | 5 | ||||
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 21 |
3 files changed, 24 insertions, 4 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index 71bdef8ce03..0fddf15d197 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -16,7 +16,7 @@ module EnforcesTwoFactorAuthentication end def check_two_factor_requirement - if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor? + if two_factor_authentication_required? && current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? && !skip_two_factor? redirect_to profile_two_factor_auth_path end end diff --git a/changelogs/unreleased/61441.yml b/changelogs/unreleased/61441.yml new file mode 100644 index 00000000000..2ad0c6f62d3 --- /dev/null +++ b/changelogs/unreleased/61441.yml @@ -0,0 +1,5 @@ +--- +title: Allow user to set primary email first when 2FA is required +merge_request: 28097 +author: Kartikey Tanna +type: fixed diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 7296a4b4526..5ecd1b6b7c8 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -206,8 +206,19 @@ describe ApplicationController do describe '#check_two_factor_requirement' do subject { controller.send :check_two_factor_requirement } + it 'does not redirect if user has temporary oauth email' do + oauth_user = create(:user, email: 'temp-email-for-oauth@email.com') + allow(controller).to receive(:two_factor_authentication_required?).and_return(true) + allow(controller).to receive(:current_user).and_return(oauth_user) + + expect(controller).not_to receive(:redirect_to) + + subject + end + it 'does not redirect if 2FA is not required' do allow(controller).to receive(:two_factor_authentication_required?).and_return(false) + expect(controller).not_to receive(:redirect_to) subject @@ -216,6 +227,7 @@ describe ApplicationController do it 'does not redirect if user is not logged in' do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) allow(controller).to receive(:current_user).and_return(nil) + expect(controller).not_to receive(:redirect_to) subject @@ -223,8 +235,9 @@ describe ApplicationController do it 'does not redirect if user has 2FA enabled' do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) - allow(controller).to receive(:current_user).twice.and_return(user) + allow(controller).to receive(:current_user).thrice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(true) + expect(controller).not_to receive(:redirect_to) subject @@ -232,9 +245,10 @@ describe ApplicationController do it 'does not redirect if 2FA setup can be skipped' do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) - allow(controller).to receive(:current_user).twice.and_return(user) + allow(controller).to receive(:current_user).thrice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(false) allow(controller).to receive(:skip_two_factor?).and_return(true) + expect(controller).not_to receive(:redirect_to) subject @@ -242,10 +256,11 @@ describe ApplicationController do it 'redirects to 2FA setup otherwise' do allow(controller).to receive(:two_factor_authentication_required?).and_return(true) - allow(controller).to receive(:current_user).twice.and_return(user) + allow(controller).to receive(:current_user).thrice.and_return(user) allow(user).to receive(:two_factor_enabled?).and_return(false) allow(controller).to receive(:skip_two_factor?).and_return(false) allow(controller).to receive(:profile_two_factor_auth_path) + expect(controller).to receive(:redirect_to) subject |