Reset `otp_grace_period_started_at` after disabling 2FA

Prior, if the user enabled 2FA, then disabled it and came back some time after the grace period expired, they would be forced to enable 2FA immediately.
2016-02-29 13:56:40 -05:00 · 2016-02-29 13:56:40 -05:00 · 3334c3fc70
parent 333ad73e76
commit 3334c3fc70
3 changed files with 9 additions and 5 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -362,11 +362,12 @@ class User < ActiveRecord::Base

  def disable_two_factor!
    update_attributes(
-      two_factor_enabled:        false,
-      encrypted_otp_secret:      nil,
-      encrypted_otp_secret_iv:   nil,
-      encrypted_otp_secret_salt: nil,
-      otp_backup_codes:          nil
+      two_factor_enabled:          false,
+      encrypted_otp_secret:        nil,
+      encrypted_otp_secret_iv:     nil,
+      encrypted_otp_secret_salt:   nil,
+      otp_grace_period_started_at: nil,
+      otp_backup_codes:            nil
    )
  end

--- a/spec/factories.rb
+++ b/spec/factories.rb
@ -32,6 +32,7 @@ FactoryGirl.define do
      before(:create) do |user|
        user.two_factor_enabled = true
        user.otp_secret = User.generate_otp_secret(32)
+        user.otp_grace_period_started_at = Time.now
        user.generate_otp_backup_codes!
      end
    end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -268,6 +268,7 @@ describe User, models: true do
      expect(user).to be_two_factor_enabled
      expect(user.encrypted_otp_secret).not_to be_nil
      expect(user.otp_backup_codes).not_to be_nil
+      expect(user.otp_grace_period_started_at).not_to be_nil

      user.disable_two_factor!

@ -276,6 +277,7 @@ describe User, models: true do
      expect(user.encrypted_otp_secret_iv).to be_nil
      expect(user.encrypted_otp_secret_salt).to be_nil
      expect(user.otp_backup_codes).to be_nil
+      expect(user.otp_grace_period_started_at).to be_nil
    end
  end