Reset otp_grace_period_started_at
after disabling 2FA
Previously, if a user enabled 2FA, then disabled it, and came back some time after the grace period had expired, they would be forced to enable 2FA immediately.
parent
333ad73e76
commit
3334c3fc70
3 changed files with 9 additions and 5 deletions
|
@ -362,11 +362,12 @@ class User < ActiveRecord::Base
|
|||
|
||||
def disable_two_factor!
|
||||
update_attributes(
|
||||
two_factor_enabled: false,
|
||||
encrypted_otp_secret: nil,
|
||||
encrypted_otp_secret_iv: nil,
|
||||
encrypted_otp_secret_salt: nil,
|
||||
otp_backup_codes: nil
|
||||
two_factor_enabled: false,
|
||||
encrypted_otp_secret: nil,
|
||||
encrypted_otp_secret_iv: nil,
|
||||
encrypted_otp_secret_salt: nil,
|
||||
otp_grace_period_started_at: nil,
|
||||
otp_backup_codes: nil
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
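Review bot: `disable_two_factor!` is named as a bang method but calls `update_attributes`, which returns false instead of raising when the record fails validation. In that case none of the cleared fields would be persisted: not the OTP secret, not the backup codes, and not the newly added `otp_grace_period_started_at: nil`. A caller that ignores the return value would then treat 2FA as disabled while the old secret and backup codes are still stored. Consider `update_attributes!(` here, or have callers check the result. The callers are not visible in this hunk, so confirm how they handle a false return.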
@ -32,6 +32,7 @@ FactoryGirl.define do
|
|||
before(:create) do |user|
|
||||
user.two_factor_enabled = true
|
||||
user.otp_secret = User.generate_otp_secret(32)
|
||||
user.otp_grace_period_started_at = Time.now
|
||||
user.generate_otp_backup_codes!
|
||||
end
|
||||
end
|
||||
|
|
|
@ -268,6 +268,7 @@ describe User, models: true do
|
|||
expect(user).to be_two_factor_enabled
|
||||
expect(user.encrypted_otp_secret).not_to be_nil
|
||||
expect(user.otp_backup_codes).not_to be_nil
|
||||
expect(user.otp_grace_period_started_at).not_to be_nil
|
||||
|
||||
user.disable_two_factor!
|
||||
|
||||
|
@ -276,6 +277,7 @@ describe User, models: true do
|
|||
expect(user.encrypted_otp_secret_iv).to be_nil
|
||||
expect(user.encrypted_otp_secret_salt).to be_nil
|
||||
expect(user.otp_backup_codes).to be_nil
|
||||
expect(user.otp_grace_period_started_at).to be_nil
|
||||
end
|
||||
end
|
||||
|
||||
|
|
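Review bot: The new assertion `expect(user.otp_grace_period_started_at).to be_nil` in the second hunk reads the in-memory object, so it does not show that the reset reached the database. `update_attributes` assigns the attributes on that object even when the save itself fails. Two lines between the hunks are not shown, so there may already be a reload there. If there is not, adding `user.reload` after `user.disable_two_factor!`, or asserting `expect(user.disable_two_factor!).to be_truthy`, would make the example cover persistence of all the cleared fields.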