Update user spec otp secret check

2023-12-10 12:32:20 -05:00 · 2023-12-10 12:32:20 -05:00 · 0b15751a63
parent 676fa84aff
commit 0b15751a63
2 changed files with 15 additions and 8 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -54,7 +54,6 @@ class User < ApplicationRecord
  )

  include LanguagesHelper
-  include LegacyOtpSecret
  include Redisable
  include User::HasSettings
  include User::LdapAuthenticable
@ -73,6 +72,8 @@ class User < ApplicationRecord
  devise :two_factor_authenticatable,
         otp_secret_encryption_key: Rails.configuration.x.otp_secret

+  include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
+
  devise :two_factor_backupable,
         otp_number_of_backup_codes: 10

@ -132,11 +133,6 @@ class User < ApplicationRecord
  normalizes :time_zone, with: ->(time_zone) { ActiveSupport::TimeZone[time_zone].nil? ? nil : time_zone }
  normalizes :chosen_languages, with: ->(chosen_languages) { chosen_languages.compact_blank.presence }

-  # This avoids a deprecation warning from Rails 5.1
-  # It seems possible that a future release of devise-two-factor will
-  # handle this itself, and this can be removed from our User class.
-  attribute :otp_secret
-
  has_many :session_activations, dependent: :destroy

  delegate :can?, to: :role
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -9,14 +9,25 @@ RSpec.describe User do

  it_behaves_like 'two_factor_backupable'

-  describe 'otp_secret' do
+  describe 'legacy_otp_secret' do
    it 'is encrypted with OTP_SECRET environment variable' do
      user = Fabricate(:user,
                       encrypted_otp_secret: "Fttsy7QAa0edaDfdfSz094rRLAxc8cJweDQ4BsWH/zozcdVA8o9GLqcKhn2b\nGi/V\n",
                       encrypted_otp_secret_iv: 'rys3THICkr60BoWC',
                       encrypted_otp_secret_salt: '_LMkAGvdg7a+sDIKjI3mR2Q==')

-      expect(user.otp_secret).to eq 'anotpsecretthatshouldbeencrypted'
+      expect(user.send(:legacy_otp_secret)).to eq 'anotpsecretthatshouldbeencrypted'
+    end
+  end
+
+  describe 'otp_secret' do
+    it 'encrypts the saved value' do
+      user = Fabricate(:user, otp_secret: '123123123')
+
+      user.reload
+
+      expect(user.otp_secret).to eq '123123123'
+      expect(user.attributes_before_type_cast[:otp_secret]).to_not eq '123123123'
    end
  end