
2FA code required on every sign in

pull/270/head
baarkerlounger 3 years ago
parent
commit
731f689cf0
  1. 2
      config/initializers/devise.rb
  2. 20
      spec/features/admin_panel_spec.rb

2
config/initializers/devise.rb

@ -320,5 +320,5 @@ Devise.setup do |config|
config.remember_otp_session_for_seconds = 1.day # Time before browser has to perform 2fA again. Default is 0. config.remember_otp_session_for_seconds = 1.day # Time before browser has to perform 2fA again. Default is 0.
config.otp_secret_encryption_key = ENV["OTP_SECRET_ENCRYPTION_KEY"] config.otp_secret_encryption_key = ENV["OTP_SECRET_ENCRYPTION_KEY"]
config.second_factor_resource_id = "id" # Field or method name used to set value for 2fA remember cookie config.second_factor_resource_id = "id" # Field or method name used to set value for 2fA remember cookie
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login config.delete_cookie_on_logout = true # Delete cookie when user signs out, to force 2fA again on login
end end
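Review bot: Flipping `config.delete_cookie_on_logout` to `true` on the last changed line clears the 2FA remember cookie only on an explicit sign-out, while `config.remember_otp_session_for_seconds = 1.day` on the first context line of this hunk still appears to let the same browser skip the OTP step for a day whenever the session ends any other way (timeout, closed browser, session cookie dropped). If the intent in the commit title is that the OTP is required on every sign-in, the setting that enforces it is `config.remember_otp_session_for_seconds = 0` rather than cookie deletion on logout; if the one-day window is deliberate, the comment on the changed line should say so, e.g. `# Delete the 2FA remember cookie on explicit sign-out; the remember window above still applies when a session expires instead`. The enclosing `Devise.setup` block starts outside the hunk.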

20
spec/features/admin_panel_spec.rb

@ -72,4 +72,24 @@ RSpec.describe "Admin Panel" do
expect(page).to have_current_path("/admin/two-factor-authentication") expect(page).to have_current_path("/admin/two-factor-authentication")
end end
end end
context "when logging out and in again" do
before do
allow(SecureRandom).to receive(:random_number).and_return(otp)
end
it "requires the 2FA code on each login" do
visit("/admin")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Login")
fill_in("code", with: otp)
click_button("Submit")
click_link("Logout")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Login")
expect(page).to have_content("Check your phone")
end
end
end end
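Review bot: The closing expectation `expect(page).to have_content("Check your phone")` checks page text only, whereas the sibling example just above this hunk asserts the route; add `expect(page).to have_current_path("/admin/two-factor-authentication")` after it so the new example proves the second login actually landed on the OTP step rather than a page that merely reuses that copy. The `before` block stubs `SecureRandom.random_number` for the whole example, so every caller in the process gets `otp` back during it; that is presumably fine for a feature spec but deserves a one-line comment such as `# pin the generated OTP so the code entered below matches`. `admin` and `otp` are presumably `let`s defined earlier in the file; the enclosing `RSpec.describe` block starts outside the hunk.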
