Nicolas Temciuc 2025-09-03 20:07:43 +00:00 committed by GitHub
commit f52c9ac0cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
81 changed files with 212 additions and 253 deletions


@ -20,6 +20,12 @@ module Settings
redirect_to new_settings_two_factor_authentication_confirmation_path
end
def destroy
current_user.disable_otp_login!
redirect_to settings_two_factor_authentication_methods_path
end
private
def verify_otp_not_enabled
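Review bot: The new `destroy` action removes the authenticator app with a single authenticated DELETE; nothing in this hunk asks for the password again or notifies the account owner. The methods controller changed in this same commit guards its `disable` action with `before_action :require_challenge!, only: :disable` and sends `UserMailer.two_factor_disabled`, so removing one factor is held to a lower bar than removing all of them. This controller's filter list sits above the hunk, so confirm whether a challenge already covers `destroy`; if not, add `before_action :require_challenge!, only: :destroy` (or extend the existing `only:` list) and send a notification mail after `disable_otp_login!`. Also check that `verify_otp_not_enabled` is scoped so it does not run before `destroy`.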


@ -6,7 +6,6 @@ module Settings
skip_before_action :check_self_destruct!
skip_before_action :require_functional!
before_action :redirect_invalid_otp, unless: -> { current_user.otp_enabled? }
before_action :redirect_invalid_webauthn, only: [:index, :destroy], unless: -> { current_user.webauthn_enabled? }
def index; end
@ -85,10 +84,6 @@ module Settings
private
def redirect_invalid_otp
redirect_to settings_two_factor_authentication_methods_path, flash: { error: t('webauthn_credentials.otp_required') }
end
def redirect_invalid_webauthn
redirect_to settings_two_factor_authentication_methods_path, flash: { error: t('webauthn_credentials.not_enabled') }
end


@ -8,7 +8,7 @@ module Settings
skip_before_action :require_functional!
before_action :require_challenge!, only: :disable
before_action :require_otp_enabled
before_action :require_two_factor_enabled, only: :disable
def index; end
@ -16,13 +16,13 @@ module Settings
current_user.disable_two_factor!
UserMailer.two_factor_disabled(current_user).deliver_later!
redirect_to settings_otp_authentication_path, flash: { notice: I18n.t('two_factor_authentication.disabled_success') }
redirect_to settings_two_factor_authentication_methods_path, flash: { notice: I18n.t('two_factor_authentication.disabled_success') }
end
private
def require_otp_enabled
redirect_to settings_otp_authentication_path unless current_user.otp_enabled?
def require_two_factor_enabled
redirect_to settings_otp_authentication_path unless current_user.two_factor_enabled?
end
end
end


@ -262,6 +262,15 @@ class User < ApplicationRecord
otp_required_for_login? || webauthn_credentials.any?
end
def disable_otp_login!
return unless otp_required_for_login?
self.otp_required_for_login = false
self.otp_secret = nil
save!
end
def disable_two_factor!
self.otp_required_for_login = false
self.otp_secret = nil
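Review bot: `disable_otp_login!` resets `otp_required_for_login` and `otp_secret` but leaves any stored recovery codes untouched, while the settings view in this commit hides the recovery-code section once `otp_enabled?` is false. If the login flow still accepts a recovery code for an account without OTP (not visible here), codes issued alongside the removed authenticator stay usable and the user has no page left to rotate them. `disable_two_factor!` continues below the hunk, so compare against what it clears and either clear the codes here too or document the decision, e.g. `# Recovery codes are intentionally kept: <reason>`. The early `return unless otp_required_for_login?` would also leave a non-nil `otp_secret` in place if one can exist while the flag is false; a comment saying whether that is intended would help.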


@ -1,14 +1,15 @@
- content_for :page_title do
= t('settings.two_factor_authentication')
- content_for :heading_actions do
= link_to t('two_factor_authentication.disable'), disable_settings_two_factor_authentication_methods_path, class: 'button button--destructive', method: :post
- if current_user.two_factor_enabled?
- content_for :heading_actions do
= link_to t('two_factor_authentication.disable'), disable_settings_two_factor_authentication_methods_path, class: 'button button--destructive', method: :post
%p.hint
%span.positive-hint
= material_symbol 'check'
&nbsp;
= t 'two_factor_authentication.enabled'
%p.hint
%span.positive-hint
= material_symbol 'check'
&nbsp;
= t 'two_factor_authentication.enabled'
.table-wrapper
%table.table
@ -19,8 +20,13 @@
%tbody
%tr
%td= t('two_factor_authentication.otp')
%td
= table_link_to 'edit', t('two_factor_authentication.edit'), settings_otp_authentication_path, method: :post
- if current_user.otp_enabled?
%td
= table_link_to 'edit', t('two_factor_authentication.edit'), settings_otp_authentication_path, method: :get
= table_link_to 'delete', t('otp_authentication.delete'), settings_otp_authentication_path, method: :delete, data: { confirm: t('otp_authentication.delete_confirmation') }
- else
%td
= table_link_to 'add', t('two_factor_authentication.add'), settings_otp_authentication_path, method: :get
%tr
%td= t('two_factor_authentication.webauthn')
- if current_user.webauthn_enabled?
@ -30,12 +36,13 @@
%td
= table_link_to 'key', t('two_factor_authentication.add'), new_settings_webauthn_credential_path, method: :get
%hr.spacer/
- if current_user.otp_enabled?
%hr.spacer/
%h3= t('two_factor_authentication.recovery_codes')
%p.muted-hint= t('two_factor_authentication.lost_recovery_codes')
%h3= t('two_factor_authentication.recovery_codes')
%p.muted-hint= t('two_factor_authentication.lost_recovery_codes')
%hr.spacer/
%hr.spacer/
.simple_form
= link_to t('two_factor_authentication.generate_recovery_codes'), settings_two_factor_authentication_recovery_codes_path, data: { method: :post }, class: 'button button--block'
.simple_form
= link_to t('two_factor_authentication.generate_recovery_codes'), settings_two_factor_authentication_recovery_codes_path, data: { method: :post }, class: 'button button--block'
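Review bot: The recovery-code block at the end of the template is now gated on `current_user.otp_enabled?`, so an account whose only second factor is a security key gets no way to generate recovery codes from this page. With OTP no longer a prerequisite for WebAuthn, losing the only key would leave such a user without a fallback unless another path exists. If recovery codes work independently of OTP at login (not visible in this diff), gate the block on `current_user.two_factor_enabled?` instead; otherwise add a hint telling WebAuthn-only users to register a second key.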


@ -1554,5 +1554,4 @@ an:
nickname_hint: Escriba la embotada d'a suya nueva clau de seguranza
not_enabled: Encara no has activau WebAuthn
not_supported: Este navegador no suporta claus de seguranza
otp_required: Pa usar claus de seguranza, per favor habilite primero l'autenticación de dople factor.
registered_on: Rechistrau lo %{date}


@ -2279,5 +2279,4 @@ ar:
nickname_hint: أدخل اسم مستعار لمفتاح الأمان الجديد الخاص بك
not_enabled: لم تقم بتفعيل WebAuthn بعد
not_supported: هذا المتصفح لا يدعم مفاتيح الأمان
otp_required: لاستخدام مفاتيح الأمان، يرجى تفعيل الاستيثاق بعامِلين أولاً.
registered_on: تم التسجيل في %{date}


@ -898,4 +898,3 @@ ast:
invalid_credential: La llave de seguranza nun ye válida
not_enabled: Nun activesti la función WebAuthn
not_supported: Esti restolador nun ye compatible coles llaves de seguranza
otp_required: Pa usar les llaves de seguranza, activa primero l'autenticación en dos pasos.


@ -2236,5 +2236,4 @@ be:
nickname_hint: Увядзіце псеўданім вашага новага ключа бяспекі
not_enabled: Вы яшчэ не ўключылі WebAuthn
not_supported: Гэты браўзер не падтрымлівае ключы бяспекі
otp_required: Каб выкарыстоўваць ключы бяспекі, спачатку ўключыце двухфактарную аўтэнтыфікацыю.
registered_on: Зарэгістраваны %{date}


@ -2119,5 +2119,4 @@ bg:
nickname_hint: Въведете прякор на новия си ключ за сигурност
not_enabled: Още не сте включили WebAuthn
not_supported: Този браузър не поддържа ключове за сигурност
otp_required: Първо включете двуфакторното удостоверяване, за да използвате ключовете за сигурност.
registered_on: Регистрирано на %{date}


@ -632,5 +632,4 @@ br:
nickname_hint: Skrivit lesanv hoc'h alc'hwez surentez nevez
not_enabled: WebAuthn n'eo ket aotreet ganeoc'h c'hoazh
not_supported: Alc'hwezioù surentez a zo diembreg gant ar merdeer-se
otp_required: Evit implijout alc'hwezioù surentez, aotrit dilesadur dre eil-elfenn da gentañ.
registered_on: Enrollet d'ar %{date}


@ -2118,5 +2118,4 @@ ca:
nickname_hint: Introdueix el sobrenom de la teva clau de seguretat nova
not_enabled: Encara no has activat WebAuthn
not_supported: Aquest navegador no suporta claus de seguretat
otp_required: Per a usar claus de seguretat, activeu primer l'autenticació de dos factors.
registered_on: Registrat en %{date}


@ -1007,5 +1007,4 @@ ckb:
nickname_hint: نازناوی کلیلی ئاسایشی نوێت تێبنووسە
not_enabled: تۆ هێشتا WebAuthnت چالاک نەکردووە
not_supported: ئەم وێبگەڕە پشتگیری کلیلەکانی پاراستن ناکات
otp_required: بۆ بەکارهێنانی کلیلەکانی پاراستن تکایە سەرەتا سەلماندنی دوو-فاکتەر چالاک بکە.
registered_on: تۆمارکراو لە %{date}


@ -1021,5 +1021,4 @@ co:
nickname_hint: Entrate u nome di a vostra nova chjave di sicurità
not_enabled: Ùn avete micca attivatu WebAuthn
not_supported: E chjave di sicurità ùn marchjanu micca cù quessu navigatore
otp_required: Per utilizà una chjave di sicurità duvete attivà l'identificazione à dui fattori prima.
registered_on: Arregistrata %{date}


@ -2236,5 +2236,4 @@ cs:
nickname_hint: Zadejte přezdívku nového bezpečnostního klíče
not_enabled: Zatím jste nepovolili WebAuthn
not_supported: Tento prohlížeč nepodporuje bezpečnostní klíče
otp_required: Pro použití bezpečnostních klíčů prosím nejprve zapněte dvoufázové ověřování.
registered_on: Přidán %{date}


@ -2320,5 +2320,4 @@ cy:
nickname_hint: Rhowch lysenw eich allwedd ddiogelwch newydd
not_enabled: Nid ydych wedi galluogi WebAuthn eto
not_supported: Nid yw'r porwr hwn yn cynnal allweddi diogelwch
otp_required: I ddefnyddio allweddi diogelwch, galluogwch ddilysu dau ffactor yn gyntaf.
registered_on: Cofrestrwyd ar %{date}


@ -2148,5 +2148,4 @@ da:
nickname_hint: Angiv kaldenavnet på din nye sikkerhedsnøgle
not_enabled: Du har endnu ikke aktiveret WebAuthn
not_supported: Denne browser understøtter ikke sikkerhedsnøgler
otp_required: For at bruge sikkerhedsnøgler skal tofaktorgodkendelse først aktiveres.
registered_on: Registreret d. %{date}


@ -2148,5 +2148,4 @@ de:
nickname_hint: Gib den Spitznamen deines neuen Sicherheitsschlüssels ein
not_enabled: Du hast WebAuthn noch nicht aktiviert
not_supported: Dieser Browser unterstützt keine Sicherheitsschlüssel
otp_required: Um Sicherheitsschlüssel zu verwenden, aktiviere zunächst die Zwei-Faktor-Authentisierung.
registered_on: Registriert am %{date}


@ -2138,5 +2138,4 @@ el:
nickname_hint: Βάλε το ψευδώνυμο του νέου κλειδιού ασφαλείας σου
not_enabled: Δεν έχεις ενεργοποιήσει το WebAuthn ακόμα
not_supported: Αυτό το πρόγραμμα περιήγησης δεν υποστηρίζει κλειδιά ασφαλείας
otp_required: Για να χρησιμοποιήσεις κλειδιά ασφαλείας, ενεργοποίησε πρώτα την ταυτοποίηση δύο παραγόντων.
registered_on: Εγγραφή στις %{date}


@ -2107,5 +2107,4 @@ en-GB:
nickname_hint: Enter the nickname of your new security key
not_enabled: You haven't enabled WebAuthn yet
not_supported: This browser doesn't support security keys
otp_required: To use security keys please enable two-factor authentication first.
registered_on: Registered on %{date}


@ -1716,6 +1716,8 @@ en:
unit: ''
otp_authentication:
code_hint: Enter the code generated by your authenticator app to confirm
delete: Delete
delete_confirmation: Are you sure you want to delete your authenticator app from your two-factor authentication methods?
description_html: If you enable <strong>two-factor authentication</strong> using an authenticator app, logging in will require you to be in possession of your phone, which will generate tokens for you to enter.
enable: Enable
instructions_html: "<strong>Scan this QR code into Google Authenticator or a similar TOTP app on your phone</strong>. From now on, that app will generate tokens that you will have to enter when logging in."
@ -2149,5 +2151,4 @@ en:
nickname_hint: Enter the nickname of your new security key
not_enabled: You haven't enabled WebAuthn yet
not_supported: This browser doesn't support security keys
otp_required: To use security keys please enable two-factor authentication first.
registered_on: Registered on %{date}


@ -2119,5 +2119,4 @@ eo:
nickname_hint: Enigu alinomon de via nova sekurecŝlosilo
not_enabled: Vi ankoraŭ ne ŝaltis WebAuth
not_supported: Ĉi tiu legilo ne povas uzi sekurecŝlosilojn
otp_required: Por uzi sekurecŝlosilojn, ebligu 2-faktoran autentigon unue.
registered_on: Registrita je %{date}


@ -2148,5 +2148,4 @@ es-AR:
nickname_hint: Ingresá el apodo de tu nueva llave de seguridad
not_enabled: Todavía no habilitaste WebAuthn
not_supported: Este navegador web no soporta llaves de seguridad
otp_required: Para usar llaves de seguridad, por favor, primero habilitá la autenticación de dos factores.
registered_on: Registrado el %{date}


@ -2148,5 +2148,4 @@ es-MX:
nickname_hint: Introduzca el apodo de su nueva clave de seguridad
not_enabled: Aún no has activado WebAuthn
not_supported: Este navegador no soporta claves de seguridad
otp_required: Para usar claves de seguridad, por favor habilite primero la autenticación de doble factor.
registered_on: Registrado el %{date}


@ -2148,5 +2148,4 @@ es:
nickname_hint: Introduzca el apodo de su nueva clave de seguridad
not_enabled: Aún no has activado WebAuthn
not_supported: Este navegador no soporta claves de seguridad
otp_required: Para usar claves de seguridad, por favor habilite primero la autenticación de doble factor.
registered_on: Registrado el %{date}


@ -2150,5 +2150,4 @@ et:
nickname_hint: Uue turvavõtme hüüdnimi
not_enabled: Veebiautentimine pole sisse lülitatud
not_supported: See veebilehitseja ei toeta turvavõtmeid
otp_required: Turvavõtmete kasutamiseks tuleb eelnevalt sisse lülitada kaheastmeline autentimine.
registered_on: Registreeritud %{date}


@ -1955,5 +1955,4 @@ eu:
nickname_hint: Sartu zure segurtasun gako berriaren ezizena
not_enabled: Ez duzu WebAuthn gaitu oraindik
not_supported: Nabigatzaile honek ez ditu segurtasun gakoak onartzen
otp_required: Segurtasun gakoak erabili aurretik bi faktoreko autentifikazioa gaitu behar duzu.
registered_on: "%{date}(e)an erregistratua"


@ -2137,5 +2137,4 @@ fa:
nickname_hint: نام مستعار کلید امنیتی جدیدتان را وارد کنید
not_enabled: شما هنوز WebAuthn را فعال نکرده‌اید
not_supported: این مرورگر از کلیدهای امنیتی پشتیبانی نمی‌کند
otp_required: برای استفاده از کلیدهای امنیتی، لطفاً ابتدا تأیید هویت دو عاملی را به کار بیندازید.
registered_on: ثبت‌شده در %{date}


@ -2148,5 +2148,4 @@ fi:
nickname_hint: Anna uuden suojausaivaimesi lempinimi
not_enabled: Et ole vielä ottanut WebAuthn-ohjelmaa käyttöön
not_supported: Tämä selain ei tue suojausavaimia
otp_required: Jos haluat käyttää suojausavaimia, ota ensin kaksivaiheinen todennus käyttöön.
registered_on: Rekisteröity %{date}


@ -2148,5 +2148,4 @@ fo:
nickname_hint: Skriva eyknevni á tínum nýggja trygdarlykli
not_enabled: Tú hevur ikki gjørt WebAuthn virkið enn
not_supported: Hesin kagin stuðlar ikki uppundir trygdarlyklar
otp_required: Fyri at brúka trygdarlyklar er neyðugt at gera váttan í tveimum stigum virkna fyrst.
registered_on: Skrásett %{date}


@ -2078,5 +2078,4 @@ fr-CA:
nickname_hint: Entrez le surnom de votre nouvelle clé de sécurité
not_enabled: Vous n'avez pas encore activé WebAuthn
not_supported: Ce navigateur ne prend pas en charge les clés de sécurité
otp_required: Pour utiliser les clés de sécurité, veuillez d'abord activer l'authentification à deux facteurs.
registered_on: Inscrit le %{date}


@ -2078,5 +2078,4 @@ fr:
nickname_hint: Entrez le surnom de votre nouvelle clé de sécurité
not_enabled: Vous n'avez pas encore activé WebAuthn
not_supported: Ce navigateur ne prend pas en charge les clés de sécurité
otp_required: Pour utiliser les clés de sécurité, veuillez d'abord activer l'authentification à deux facteurs.
registered_on: Inscrit le %{date}


@ -2133,5 +2133,4 @@ fy:
nickname_hint: Fier de bynamme yn fan jo nije befeiligingskaai
not_enabled: Jo hawwe WebAuthn noch net ynskeakele
not_supported: Dizze browser stipet gjin befeiligingskaaien
otp_required: Om befeiligingskaaien brûke te kinnen, moatte jo earst twa-stapsferifikaasje ynskeakelje.
registered_on: Registrearre op %{date}


@ -2277,5 +2277,4 @@ ga:
nickname_hint: Cuir isteach leasainm d'eochair shlándála nua
not_enabled: Níl WebAuthn cumasaithe agat fós
not_supported: Ní thacaíonn an brabhsálaí seo le heochracha slándála
otp_required: Chun eochracha slándála a úsáid cumasaigh fíordheimhniú dhá fhachtóir ar dtús.
registered_on: Cláraithe ar %{date}


@ -2191,5 +2191,4 @@ gd:
nickname_hint: Cuir a-steach far-ainm na h-iuchrach tèarainteachd ùir agad
not_enabled: Cha do chuir thu WebAuthn an comas fhathast
not_supported: Cha chuir am brabhsair seo taic ri iuchraichean tèarainteachd
otp_required: Mus cleachd thu iuchraichean tèarainteachd, feumaidh tu an dearbhadh dà-cheumnach a chur an comas.
registered_on: Air a chlàradh %{date}


@ -2148,5 +2148,4 @@ gl:
nickname_hint: Escribe un alcume para a túa nova chave de seguridade
not_enabled: Aínda non tes activado WebAuthn
not_supported: Este navegador non ten soporte para chaves de seguridade
otp_required: Para usar chaves de seguridade tes que activar primeiro o segundo factor.
registered_on: Rexistrado o %{date}


@ -2236,5 +2236,4 @@ he:
nickname_hint: הכנס.י כינוי למפתח האבטחה החדש שלך
not_enabled: לא אפשרת את WebAuthn עדיין
not_supported: דפדפן זה לא תומך במפתחות אבטחה
otp_required: על מנת להשתמש במפתחות אבטחה אנא אפשר.י אימות דו-שלבי קודם.
registered_on: נרשם ב %{date}


@ -2148,5 +2148,4 @@ hu:
nickname_hint: Írd be az új biztonsági kulcsod becenevét
not_enabled: Még nem engedélyezted a WebAuthn-t
not_supported: Ez a böngésző nem támogatja a biztonsági kulcsokat
otp_required: A biztonsági kulcsok használatához először engedélyezd a kétlépcsős hitelesítést.
registered_on: 'Regisztráció ekkor: %{date}'


@ -2145,5 +2145,4 @@ ia:
nickname_hint: Insere le pseudonymo de tu nove clave de securitate
not_enabled: Tu ancora non ha activate WebAuthn
not_supported: Iste navigator non supporta claves de securitate
otp_required: Pro usar le claves de securitate activa prime le authentication de duo factores.
registered_on: Inscribite le %{date}


@ -1523,5 +1523,4 @@ id:
nickname_hint: Masukkan panggilan kunci keamanan baru Anda
not_enabled: Anda belum mengaktifkan WebAuthn
not_supported: Peramban ini tidak mendukung kunci keamanan
otp_required: Untuk menggunakan kunci keamanan harap aktifkan autentikasi dua-faktor.
registered_on: Terdaftar pada %{date}


@ -1827,5 +1827,4 @@ ie:
nickname_hint: Scrir li moc-nómine de tui nov clave de securitá
not_enabled: Tu ancor ne ha possibilisat WebAuthn
not_supported: Ti-ci navigator ne subtene claves de securitá
otp_required: Por usar claves de securitá, ples activisar 2-factor autentication.
registered_on: Adheret ye %{date}


@ -1899,5 +1899,4 @@ io:
nickname_hint: Insertez nometo di vua nova sekuresklefo
not_enabled: Vu ne ebligis WebAuthn til nun
not_supported: Ca vidilo ne suportas sekuresklefi
otp_required: Por uzar sekuresklefi, ebligez dufaktora yurizo unesme.
registered_on: Registris ye %{date}


@ -2152,5 +2152,4 @@ is:
nickname_hint: Settu inn stuttnefni fyrir nýja öryggislykilinn þinn
not_enabled: Þú hefur ennþá ekki virkjað WebAuthn
not_supported: Þessi vafri styður ekki öryggislykla
otp_required: Til að nota öryggislykla skaltu fyrst virkja tveggja-þátta auðkenningu.
registered_on: Skráði sig %{date}


@ -2150,5 +2150,4 @@ it:
nickname_hint: Inserisci il soprannome della tua nuova chiave di sicurezza
not_enabled: Non hai ancora abilitato WebAuthn
not_supported: Questo browser non supporta le chiavi di sicurezza
otp_required: Per utilizzare le chiavi di sicurezza, prima abilita l'autenticazione a due fattori.
registered_on: Registrato il %{date}


@ -2052,5 +2052,4 @@ ja:
nickname_hint: セキュリティキーの名前を入力してください
not_enabled: まだセキュリティキーを有効にしていません
not_supported: このブラウザはセキュリティキーに対応していないようです
otp_required: セキュリティキーを使用するには、まず二要素認証を有効にしてください。
registered_on: "%{date}に登録"


@ -2103,5 +2103,4 @@ ko:
nickname_hint: 새 보안 키의 별명을 입력해 주세요
not_enabled: 아직 WebAuthn을 활성화 하지 않았습니다.
not_supported: 이 브라우저는 보안 키를 지원하지 않습니다
otp_required: 보안 키를 사용하기 위해서는 2단계 인증을 먼저 활성화 해 주세요
registered_on: "%{date}에 등록됨"


@ -1549,5 +1549,4 @@ ku:
nickname_hint: Bernavka kilîda te ya ewlehiyê a nû têkevê
not_enabled: Te hê WebAuthn çalak nekiriye
not_supported: Ev gerok piştgiriya kilîtên ewlehiyê nakê
otp_required: Ji bo ku tu kilîtên ewlehiyê bikar bînî, ji kerema xwe re pêşî piştrastkirina du-gavî çalak bike.
registered_on: Di %{date} dîrokê de tomar bû


@ -1953,5 +1953,4 @@ lad:
nickname_hint: Introduska el sovrenombre de tu mueva yave de sigurita
not_enabled: Ainda no tienes aktivado WebAuthn
not_supported: Este navigador no soporta yaves de sigurita
otp_required: Para uzar yaves de sigurita, por favor kapasite primero la autentifikasyon de dos pasos.
registered_on: Enrejistrado el %{date}


@ -1359,4 +1359,3 @@ lt:
success: Tavo saugumo raktas buvo sėkmingai ištrintas.
nickname_hint: Įvesk naujojo saugumo rakto slapyvardį
not_enabled: Dar neįjungei WebAuthn
otp_required: Norint naudoti saugumo raktus, pirmiausia įjunk dvigubą tapatybės nustatymą.


@ -2128,5 +2128,4 @@ lv:
nickname_hint: Ievadi savas jaunās drošības atslēgas segvārdu
not_enabled: Tu vel neesi iespējojis WebAuthn
not_supported: Šī pārlūkprogramma neatbalsta drošības atslēgas
otp_required: Lai izmantotu drošības atslēgas, lūgums vispirms iespējot divpakāpju autentifikāciju.
registered_on: Reģistrēts %{date}


@ -1710,5 +1710,4 @@ ms:
nickname_hint: Masukkan nama panggilan kunci keselamatan baharu anda
not_enabled: Anda belum mendayakan WebAuthn lagi
not_supported: Pelayan ini tidak menyokong kunci keselamatan
otp_required: Untuk menggunakan kunci keselamatan, sila mengaktifkan pengesahan dua faktor dahulu.
registered_on: Didaftar pada %{date}


@ -1701,5 +1701,4 @@ my:
nickname_hint: သင့်လုံခြုံရေးကီးအသစ်၏ အမည်ပြောင်ကို ထည့်ပါ။
not_enabled: WebAuthn ကို သင် မဖွင့်ရသေးပါ
not_supported: ဤဘရောက်ဆာသည် လုံခြုံရေးကီးများကို မပံ့ပိုးပါ
otp_required: လုံခြုံရေးကီးများကို အသုံးပြုရန်အတွက် နှစ်ဆင့်ခံလုံခြုံရေးစနစ်စိစစ်ခြင်းကို ဦးစွာဖွင့်ပါ။
registered_on: "%{date} တွင် စာရင်းသွင်းထားသည်"


@ -2148,5 +2148,4 @@ nl:
nickname_hint: Voer de bijnaam in van jouw nieuwe beveiligingssleutel
not_enabled: Je hebt WebAuthn nog niet ingeschakeld
not_supported: Deze browser ondersteunt geen beveiligingssleutels
otp_required: Om beveiligingssleutels te kunnen gebruiken, moet je eerst tweestapsverificatie inschakelen.
registered_on: Geregistreerd op %{date}


@ -2145,5 +2145,4 @@ nn:
nickname_hint: Skriv inn kallenavnet til din nye sikkerhetsnøkkel
not_enabled: Du har ikke aktivert WebAuthn ennå
not_supported: Denne nettleseren støtter ikke sikkerhetsnøkler
otp_required: For å bruke sikkerhetsnøkler, må du først aktivere to-faktor autentisering.
registered_on: Registrert den %{date}


@ -1821,5 +1821,4 @@
nickname_hint: Skriv inn kallenavnet til din nye sikkerhetsnøkkel
not_enabled: Du har ikke aktivert WebAuthn ennå
not_supported: Denne nettleseren støtter ikke sikkerhetsnøkler
otp_required: For å bruke sikkerhetsnøkler, må du først aktivere to-faktor autentisering.
registered_on: Registrert den %{date}


@ -2198,5 +2198,4 @@ pl:
nickname_hint: Wprowadź nazwę twojego nowego klucza bezpieczeństwa
not_enabled: Nie włączyłeś WebAuthn
not_supported: Twoja przeglądarka nie obsługuje kluczy bezpieczeństwa
otp_required: Aby użyć kluczy bezpieczeństwa, najpierw włącz uwierzytelnianie dwuskładnikowe.
registered_on: Zarejestrowano %{date}


@ -2148,5 +2148,4 @@ pt-BR:
nickname_hint: Digite o apelido da sua nova chave de segurança
not_enabled: Você ainda não habilitou o WebAuthn
not_supported: Este navegador não tem suporte a chaves de segurança
otp_required: Para usar chaves de segurança, ative a autenticação de dois fatores.
registered_on: Registrado em %{date}


@ -2145,5 +2145,4 @@ pt-PT:
nickname_hint: Introduz a alcunha da tua nova chave de segurança
not_enabled: Ainda não ativaste o WebAuthn
not_supported: Este navegador não funciona com chaves de segurança
otp_required: Para utilizares chaves de segurança, ativa primeiro a autenticação de dois fatores.
registered_on: Registado em %{date}


@ -2192,5 +2192,4 @@ ru:
nickname_hint: Введите название для нового электронного ключа
not_enabled: Вы еще не включили WebAuthn
not_supported: В этом браузере отсутствует поддержка электронных ключей
otp_required: Чтобы использовать электронные ключи, сначала включите двухфакторную аутентификацию.
registered_on: Зарегистрирован %{date}


@ -1264,5 +1264,4 @@ sc:
nickname_hint: Inserta su nomìngiu de sa crae de seguresa tua noa
not_enabled: No as ativadu ancora WebAuthn
not_supported: Custu navigadore no est cumpatìbile cun is craes de seguresa
otp_required: Pro impreare is craes de seguresa depes ativare prima s'autenticatzione in duos passos.
registered_on: 'Registratzione: %{date}'


@ -1539,5 +1539,4 @@ sco:
nickname_hint: Pit in the nickname o yer new security key
not_enabled: Ye huvnae turnt on WebAuthn yit
not_supported: This brooser disnae support security keys
otp_required: Fir tae uise security keys please turn on twa-factor authentication furst.
registered_on: Registert on %{date}


@ -1402,5 +1402,4 @@ si:
nickname_hint: ඔබගේ නව ආරක්ෂක යතුරේ අන්වර්ථ නාමය ඇතුළත් කරන්න
not_enabled: ඔබ තවමත් WebAuthn සබල කර නැත
not_supported: මෙම බ්‍රවුසරය ආරක්ෂක යතුරු සඳහා සහය නොදක්වයි
otp_required: ආරක්ෂක යතුරු භාවිතා කිරීමට කරුණාකර පළමුව ද්වි-සාධක සත්‍යාපනය සක්‍රීය කරන්න.
registered_on: "%{date} දී ලියාපදිංචි වී ඇත"


@ -2136,5 +2136,4 @@ sl:
nickname_hint: Vnesite vzdevek svojega novega varnostnega ključa
not_enabled: Niste še omogočili WebAuthn
not_supported: Ta brskalnik ne podpira varnostnih ključev
otp_required: Za uporabo varnostnih ključev morate najprej omogočiti 2FA (dvostopenjsko overjanje).
registered_on: Datum registracije %{date}


@ -2093,5 +2093,4 @@ sq:
nickname_hint: Jepni nofkën e kyçit tuaj të ri të sigurisë
not_enabled: Se keni aktivizuar ende WebAuthn-in
not_supported: Ky shfletues nuk mbulon kyçe sigurie
otp_required: Që të përdoren kyçe sigurie, ju lutemi, së pari aktivizoni mirëfilltësimin dyfaktorësh.
registered_on: Regjistruar më %{date}


@ -1861,5 +1861,4 @@ sr-Latn:
nickname_hint: Unesite nadimak svog novog sigurnosnog ključa
not_enabled: Još uvek niste omogućili WebAuthn
not_supported: Ovaj pretraživač ne podržava sigurnosne ključeve
otp_required: Da biste koristili sigurnosne ključeve, molimo Vas prvo uključite dvofaktorsku autentifikaciju.
registered_on: Registrovan/-a %{date}


@ -1891,5 +1891,4 @@ sr:
nickname_hint: Унесите надимак свог новог сигурносног кључа
not_enabled: Још увек нисте омогућили WebAuthn
not_supported: Овај претраживач не подржава сигурносне кључеве
otp_required: Да бисте користили сигурносне кључеве, молимо Вас прво укључите двофакторску аутентификацију.
registered_on: Регистрован/-а %{date}


@ -2138,5 +2138,4 @@ sv:
nickname_hint: Ange smeknamnet på din nya säkerhetsnyckel
not_enabled: Du har inte aktiverat WebAuthn än
not_supported: Denna webbläsare stöder inte säkerhetsnycklar
otp_required: För att använda säkerhetsnycklar måste du först aktivera tvåfaktorsautentisering.
registered_on: Registrerad den %{date}


@ -1993,5 +1993,4 @@ th:
nickname_hint: ป้อนชื่อเล่นของกุญแจความปลอดภัยใหม่ของคุณ
not_enabled: คุณยังไม่ได้เปิดใช้งาน WebAuthn
not_supported: เบราว์เซอร์นี้ไม่รองรับกุญแจความปลอดภัย
otp_required: เพื่อใช้กุญแจความปลอดภัย โปรดเปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยก่อน
registered_on: ลงทะเบียนเมื่อ %{date}


@ -2145,5 +2145,4 @@ tr:
nickname_hint: Yeni güvenlik anahtarınızın takma adını girin
not_enabled: Henüz WebAuthn'u etkinleştirmediniz
not_supported: Bu tarayıcı güvenlik anahtarlarını desteklemiyor
otp_required: Güvenlik anahtarlarını kullanmak için lütfen önce iki adımlı kimlik doğrulamayı etkinleştirin.
registered_on: "%{date} tarihinde kaydoldu"


@ -2096,5 +2096,4 @@ uk:
nickname_hint: Введіть псевдонім нового ключа безпеки
not_enabled: Ви ще не активували WebAuthn
not_supported: Цей браузер не підтримує ключі безпеки
otp_required: Для використання ключів безпеки, спочатку увімкніть двофакторну аутентифікацію.
registered_on: Зареєстровано %{date}


@ -2104,5 +2104,4 @@ vi:
nickname_hint: Nhập tên mới cho khóa bảo mật của bạn
not_enabled: Bạn chưa kích hoạt WebAuthn
not_supported: Trình duyệt của bạn không hỗ trợ khóa bảo mật
otp_required: Để dùng khóa bảo mật, trước tiên hãy kích hoạt xác thực 2 bước.
registered_on: Đăng ký vào %{date}


@ -2104,5 +2104,4 @@ zh-CN:
nickname_hint: 输入你的新安全密钥的昵称
not_enabled: 你尚未启用WebAuthn
not_supported: 此浏览器不支持安全密钥
otp_required: 要使用安全密钥,请先启用双因素认证。
registered_on: 注册于 %{date}


@ -1841,5 +1841,4 @@ zh-HK:
nickname_hint: 請為你的安全密鑰裝置命名
not_enabled: 你還未啟用 WebAuthn
not_supported: 這個瀏覽器並不支援安全密鑰裝置
otp_required: 請開啟雙重認證以使用安全密鑰裝置
registered_on: 在 %{date} 注冊


@ -2110,5 +2110,4 @@ zh-TW:
nickname_hint: 輸入您新安全金鑰的暱稱
not_enabled: 您尚未啟用 WebAuthn
not_supported: 此瀏覽器並不支援安全金鑰
otp_required: 請先啟用兩階段驗證以使用安全金鑰。
registered_on: 註冊於 %{date}


@ -39,7 +39,7 @@ namespace :settings do
end
scope module: :two_factor_authentication do
resource :otp_authentication, only: [:show, :create], controller: :otp_authentication
resource :otp_authentication, only: [:show, :create, :destroy], controller: :otp_authentication
resources :webauthn_credentials, only: [:index, :new, :create, :destroy], path: 'security_keys' do
collection do

View File

@ -349,9 +349,9 @@ RSpec.describe Auth::SessionsController do
end
end
context 'with WebAuthn and OTP enabled as second factor' do
context 'with WebAuthn enabled as second factor' do
let!(:user) do
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh')
end
let!(:webauthn_credential) do
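Review bot: Renaming the context to 'with WebAuthn enabled as second factor' and dropping `otp_required_for_login: true` from the fabricated user replaces the only visible coverage of an account that has both WebAuthn and OTP. Both combinations remain possible after this commit, so keep a separate context with `otp_required_for_login: true, otp_secret: User.generate_otp_secret` next to the new WebAuthn-only one unless another context in the file already covers it. The context body continues outside the hunk.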


@ -96,4 +96,26 @@ RSpec.describe Settings::TwoFactorAuthentication::OtpAuthenticationController do
end
end
end
describe 'GET #destroy' do
context 'when signed in' do
before do
sign_in user, scope: :user
end
it 'redirects to two factor authentication methods list page' do
delete :destroy
expect(response).to redirect_to settings_two_factor_authentication_methods_path
end
end
context 'when not signed in' do
it 'redirects to login' do
delete :destroy
expect(response).to redirect_to new_user_session_path
end
end
end
end
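Review bot: The added examples only assert the redirect, so they would still pass if `destroy` stopped calling `disable_otp_login!`. In the signed-in context, set the user up with OTP enabled and assert the state change, e.g. `expect(user.reload.otp_enabled?).to be false`, and in the signed-out context assert that the user's OTP settings are unchanged. The group is labelled `describe 'GET #destroy'` but issues `delete :destroy`; rename it to `describe 'DELETE #destroy'`. How `user` is fabricated is above the hunk.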

View File

@ -20,29 +20,10 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
context 'when user has otp enabled' do
before do
user.update(otp_required_for_login: true)
end
it 'returns http success' do
get :new
it 'returns http success' do
get :new
expect(response).to have_http_status(200)
end
end
context 'when user does not have otp enabled' do
before do
user.update(otp_required_for_login: false)
end
it 'requires otp enabled first' do
get :new
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:error]).to be_present
end
expect(response).to have_http_status(200)
end
end
end
@ -53,40 +34,21 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
context 'when user has otp enabled' do
context 'when user has webauthn enabled' do
before do
user.update(otp_required_for_login: true)
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
context 'when user has webauthn enabled' do
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
it 'returns http success' do
get :index
it 'returns http success' do
get :index
expect(response).to have_http_status(200)
end
end
context 'when user does not has webauthn enabled' do
it 'redirects to 2FA methods list page' do
get :index
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:error]).to be_present
end
expect(response).to have_http_status(200)
end
end
context 'when user does not have otp enabled' do
before do
user.update(otp_required_for_login: false)
end
it 'requires otp enabled first' do
context 'when user does not has webauthn enabled' do
it 'redirects to 2FA methods list page' do
get :index
expect(response).to redirect_to settings_two_factor_authentication_methods_path
@ -110,50 +72,53 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
context 'when user has otp enabled' do
context 'when user has webauthn enabled' do
before do
user.update(otp_required_for_login: true)
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
context 'when user has webauthn enabled' do
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
it 'returns http success' do
get :options
it 'includes existing credentials in list of excluded credentials', :aggregate_failures do
expect { get :options }.to_not change(user, :webauthn_id)
expect(response).to have_http_status(200)
expect(controller.session[:webauthn_challenge]).to be_present
excluded_credentials_ids = response.parsed_body['excludeCredentials'].pluck('id')
expect(excluded_credentials_ids).to match_array(user.webauthn_credentials.pluck(:external_id))
end
expect(response).to have_http_status(200)
end
context 'when user does not have webauthn enabled' do
it 'stores the challenge on the session and sets user webauthn_id', :aggregate_failures do
get :options
it 'stores the challenge on the session' do
get :options
expect(response).to have_http_status(200)
expect(controller.session[:webauthn_challenge]).to be_present
expect(user.reload.webauthn_id).to be_present
end
expect(controller.session[:webauthn_challenge]).to be_present
end
it 'does not change webauthn_id' do
expect { get :options }.to_not change(user, :webauthn_id)
end
it 'includes existing credentials in list of excluded credentials' do
get :options
excluded_credentials_ids = response.parsed_body['excludeCredentials'].pluck('id')
expect(excluded_credentials_ids).to match_array(user.webauthn_credentials.pluck(:external_id))
end
end
context 'when user has not enabled otp' do
before do
user.update(otp_required_for_login: false)
end
it 'requires otp enabled first' do
context 'when user does not have webauthn enabled' do
it 'returns http success' do
get :options
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:error]).to be_present
expect(response).to have_http_status(200)
end
it 'stores the challenge on the session' do
get :options
expect(controller.session[:webauthn_challenge]).to be_present
end
it 'sets user webauthn_id' do
get :options
expect(user.reload.webauthn_id).to be_present
end
end
end
@ -183,29 +148,40 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
context 'when user has enabled otp' do
context 'when user has enabled webauthn' do
before do
user.update(otp_required_for_login: true)
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
context 'when user has enabled webauthn' do
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
context 'when creation succeeds' do
it 'returns http success' do
controller.session[:webauthn_challenge] = challenge
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
expect(response).to have_http_status(200)
end
it 'adds a new credential to user credentials and does not change webauthn_id when creation succeeds', :aggregate_failures do
it 'adds a new credential to user credentials' do
controller.session[:webauthn_challenge] = challenge
expect do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
end.to change { user.webauthn_credentials.count }.by(1)
.and not_change(user, :webauthn_id)
expect(response).to have_http_status(200)
end
it 'fails when the nickname is already used' do
it 'does not change webauthn_id' do
controller.session[:webauthn_challenge] = challenge
expect do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
end.to_not change(user, :webauthn_id)
end
end
context 'when the nickname is already used' do
it 'fails' do
controller.session[:webauthn_challenge] = challenge
post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
@ -213,14 +189,19 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
expect(response).to have_http_status(422)
expect(flash[:error]).to be_present
end
end
it 'fails when the credential already exists' do
context 'when the credential already exists' do
before do
user2 = Fabricate(:user)
public_key_credential = WebAuthn::Credential.from_create(new_webauthn_credential)
Fabricate(:webauthn_credential,
user_id: Fabricate(:user).id,
user_id: user2.id,
external_id: public_key_credential.id,
public_key: public_key_credential.public_key)
end
it 'fails' do
controller.session[:webauthn_challenge] = challenge
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
@ -230,29 +211,18 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
end
end
context 'when user have not enabled webauthn and creation succeeds' do
it 'creates a webauthn credential' do
controller.session[:webauthn_challenge] = challenge
context 'when user have not enabled webauthn' do
context 'when creation succeeds' do
it 'creates a webauthn credential' do
controller.session[:webauthn_challenge] = challenge
expect do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
end.to change { user.webauthn_credentials.count }.by(1)
expect do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
end.to change { user.webauthn_credentials.count }.by(1)
end
end
end
end
context 'when user has not enabled otp' do
before do
user.update(otp_required_for_login: false)
end
it 'requires otp enabled first' do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:error]).to be_present
end
end
end
context 'when not signed in' do
@ -270,39 +240,30 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
context 'when user has otp enabled' do
context 'when user has webauthn enabled' do
before do
user.update(otp_required_for_login: true)
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
context 'when user has webauthn enabled' do
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
add_webauthn_credential(user)
end
it 'redirects to 2FA methods list and shows flash success and deletes the credential when deletion succeeds', :aggregate_failures do
expect do
delete :destroy, params: { id: user.webauthn_credentials.take.id }
end.to change { user.webauthn_credentials.count }.by(-1)
context 'when deletion succeeds' do
it 'redirects to 2FA methods list and shows flash success' do
delete :destroy, params: { id: user.webauthn_credentials.take.id }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:success]).to be_present
end
end
context 'when user does not have webauthn enabled' do
it 'redirects to 2FA methods list and shows flash error' do
delete :destroy, params: { id: '1' }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:error]).to be_present
it 'deletes the credential' do
expect do
delete :destroy, params: { id: user.webauthn_credentials.take.id }
end.to change { user.webauthn_credentials.count }.by(-1)
end
end
end
context 'when user does not have otp enabled' do
it 'requires otp enabled first' do
context 'when user does not have webauthn enabled' do
it 'redirects to 2FA methods list and shows flash error' do
delete :destroy, params: { id: '1' }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
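Review bot: With the `'requires otp enabled first'` examples gone, no remaining example in this spec sets `otp_required_for_login`, so the WebAuthn-only path is covered only through whatever the user fabricator happens to default to. In the create block's `'when user have not enabled webauthn'` context I would pin that state explicitly with `before { user.update(otp_required_for_login: false) }`, so the spec states that a security key may be enrolled as the first and only second factor. The destroy examples have a related gap: nothing asserts what state the account is left in when the deleted credential was the user's only factor, which looks worth an example now that OTP is no longer guaranteed to remain. The old and new sides here are inferred from the hunk line counts, because the rendered page has lost its +/- markers.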


@ -235,6 +235,52 @@ RSpec.describe User do
end
end
describe '#disable_otp_login!' do
describe 'when user has OTP enabled' do
let(:user) do
Fabricate(
:user,
otp_required_for_login: true,
otp_secret: 'oldotpcode'
)
end
it 'saves false for otp_required_for_login' do
user.disable_otp_login!
expect(user.reload.otp_required_for_login).to be false
end
it 'saves nil for otp_secret' do
user.disable_otp_login!
expect(user.reload.otp_secret).to be_nil
end
end
describe 'when user does not have OTP enabled' do
let(:user) do
Fabricate(
:user,
otp_required_for_login: false,
otp_secret: nil
)
end
it 'does not change for otp_required_for_login' do
user.disable_otp_login!
expect(user.reload.otp_required_for_login).to be false
end
it 'does not change for otp_secret' do
user.disable_otp_login!
expect(user.reload.otp_secret).to be_nil
end
end
end
describe '#disable_two_factor!' do
it 'saves false for otp_required_for_login' do
user = Fabricate.build(:user, otp_required_for_login: true)
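Review bot: The `#disable_otp_login!` examples check only `otp_required_for_login` and `otp_secret`, and none of them runs against a user who also has WebAuthn set up. That is the case the method appears to exist for, so I would add a context with WebAuthn configured and assert `expect { user.disable_otp_login! }.to_not change { user.reload.webauthn_enabled? }`. The two examples under `'when user does not have OTP enabled'` assert the same values the fabricator was given, so they would still pass if the method did nothing. Wrapping the call as `expect { user.disable_otp_login! }.to_not change { user.reload.otp_secret }` would at least state the intent. The `#disable_two_factor!` block that follows continues outside the hunk.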


@ -13,23 +13,4 @@ RSpec.describe 'Settings TwoFactorAuthenticationMethods' do
end
end
end
context 'when signed in' do
let(:user) { Fabricate(:user) }
before { sign_in user }
describe 'GET to /settings/two_factor_authentication_methods' do
describe 'when user has not enabled otp' do
before { user.update(otp_required_for_login: false) }
it 'redirects to enable otp' do
get settings_two_factor_authentication_methods_path
expect(response)
.to redirect_to(settings_otp_authentication_path)
end
end
end
end
end


@ -26,15 +26,14 @@ RSpec.describe 'Admin Users TwoFactorAuthentications' do
end
end
context 'when user has OTP and WebAuthn enabled' do
before { user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) }
context 'when user has WebAuthn enabled' do
before { user.update(webauthn_id: WebAuthn.generate_user_id) }
it 'disables OTP and webauthn and redirects to admin account page' do
visit admin_account_path(user.account.id)
expect { disable_two_factor }
.to change { user.reload.otp_enabled? }.to(false)
.and(change { user.reload.webauthn_enabled? }.to(false))
.to change { user.reload.webauthn_enabled? }.to(false)
expect(page)
.to have_title(user.account.pretty_acct)
end