mirror of https://github.com/mastodon/mastodon
Update user spec otp secret check
parent
676fa84aff
commit
0b15751a63
|
@ -54,7 +54,6 @@ class User < ApplicationRecord
|
|||
)
|
||||
|
||||
include LanguagesHelper
|
||||
include LegacyOtpSecret
|
||||
include Redisable
|
||||
include User::HasSettings
|
||||
include User::LdapAuthenticable
|
||||
|
@ -73,6 +72,8 @@ class User < ApplicationRecord
|
|||
devise :two_factor_authenticatable,
|
||||
otp_secret_encryption_key: Rails.configuration.x.otp_secret
|
||||
|
||||
include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
|
||||
|
||||
devise :two_factor_backupable,
|
||||
otp_number_of_backup_codes: 10
|
||||
|
||||
|
@ -132,11 +133,6 @@ class User < ApplicationRecord
|
|||
normalizes :time_zone, with: ->(time_zone) { ActiveSupport::TimeZone[time_zone].nil? ? nil : time_zone }
|
||||
normalizes :chosen_languages, with: ->(chosen_languages) { chosen_languages.compact_blank.presence }
|
||||
|
||||
# This avoids a deprecation warning from Rails 5.1
|
||||
# It seems possible that a future release of devise-two-factor will
|
||||
# handle this itself, and this can be removed from our User class.
|
||||
attribute :otp_secret
|
||||
|
||||
has_many :session_activations, dependent: :destroy
|
||||
|
||||
delegate :can?, to: :role
|
||||
|
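Review bot: In the hunk at line 72, the position of `include LegacyOtpSecret` after `devise :two_factor_authenticatable` is load-bearing, and a trailing end-of-line comment is the only thing in the model that says so. A later tidy-up that regroups it with the other includes near line 54 would presumably let the gem's own legacy method win again, which would affect how existing 2FA secrets are read. I would put the explanation on its own line above the include and name the consequence, e.g. `# Keep below devise :two_factor_authenticatable: LegacyOtpSecret overrides the legacy OTP secret method that call defines; see the 'legacy_otp_secret' example in the user spec.` The class body continues outside the hunks shown, so other includes or `devise` calls that affect the ordering are not visible here.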
|
|
@ -9,14 +9,25 @@ RSpec.describe User do
|
|||
|
||||
it_behaves_like 'two_factor_backupable'
|
||||
|
||||
describe 'otp_secret' do
|
||||
describe 'legacy_otp_secret' do
|
||||
it 'is encrypted with OTP_SECRET environment variable' do
|
||||
user = Fabricate(:user,
|
||||
encrypted_otp_secret: "Fttsy7QAa0edaDfdfSz094rRLAxc8cJweDQ4BsWH/zozcdVA8o9GLqcKhn2b\nGi/V\n",
|
||||
encrypted_otp_secret_iv: 'rys3THICkr60BoWC',
|
||||
encrypted_otp_secret_salt: '_LMkAGvdg7a+sDIKjI3mR2Q==')
|
||||
|
||||
expect(user.otp_secret).to eq 'anotpsecretthatshouldbeencrypted'
|
||||
expect(user.send(:legacy_otp_secret)).to eq 'anotpsecretthatshouldbeencrypted'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'otp_secret' do
|
||||
it 'encrypts the saved value' do
|
||||
user = Fabricate(:user, otp_secret: '123123123')
|
||||
|
||||
user.reload
|
||||
|
||||
expect(user.otp_secret).to eq '123123123'
|
||||
expect(user.attributes_before_type_cast[:otp_secret]).to_not eq '123123123'
|
||||
end
|
||||
end
|
||||
|
||||
|
|
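Review bot: In the 'encrypts the saved value' example, `user.attributes_before_type_cast[:otp_secret]` looks up a symbol key, but `attributes_before_type_cast` returns a hash keyed by attribute-name strings. The lookup therefore most likely yields `nil`, and `to_not eq '123123123'` would pass even if the column held the plaintext secret. Use the string key and also assert that a value was actually stored: `raw = user.read_attribute_before_type_cast('otp_secret')`, then `expect(raw).to be_present` and `expect(raw).to_not eq '123123123'`. As written, this example would not catch a regression that stores TOTP secrets unencrypted.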