Merge branch 'rs-disable-2fa' into 'master'

Add User#disable_two_factor! This method encapsulates all the logic for disabling 2FA on a specific User model. See merge request !961
2015-07-13 08:47:55 +00:00 · 2015-07-13 08:47:55 +00:00 · d93da8bed5
commit d93da8bed5
parent 10d5da784b 22724418d3
5 changed files with 33 additions and 17 deletions
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  end

  def destroy
-    current_user.update_attributes({
-      two_factor_enabled:        false,
-      encrypted_otp_secret:      nil,
-      encrypted_otp_secret_iv:   nil,
-      encrypted_otp_secret_salt: nil,
-      otp_backup_codes:          nil
-    })
+    current_user.disable_two_factor!

    redirect_to profile_account_path
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -322,6 +322,16 @@ class User < ActiveRecord::Base
    @reset_token
  end

+  def disable_two_factor!
+    update_attributes(
+      two_factor_enabled:        false,
+      encrypted_otp_secret:      nil,
+      encrypted_otp_secret_iv:   nil,
+      encrypted_otp_secret_salt: nil,
+      otp_backup_codes:          nil
+    )
+  end
+
  def namespace_uniq
    namespace_name = self.username
    existing_namespace = Namespace.by_path(namespace_name)
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@ -105,19 +105,12 @@ describe Profiles::TwoFactorAuthsController do
  end

  describe 'DELETE destroy' do
-    let(:user)   { create(:user, :two_factor) }
-    let!(:codes) { user.generate_otp_backup_codes! }
+    let(:user) { create(:user, :two_factor) }

-    it 'clears all 2FA-related fields' do
-      expect(user).to be_two_factor_enabled
-      expect(user.otp_backup_codes).not_to be_nil
-      expect(user.encrypted_otp_secret).not_to be_nil
+    it 'disables two factor' do
+      expect(user).to receive(:disable_two_factor!)

      delete :destroy
-
-      expect(user).not_to be_two_factor_enabled
-      expect(user.otp_backup_codes).to be_nil
-      expect(user.encrypted_otp_secret).to be_nil
    end

    it 'redirects to profile_account_path' do
--- a/spec/factories.rb
+++ b/spec/factories.rb
@ -32,6 +32,7 @@ FactoryGirl.define do
      before(:create) do |user|
        user.two_factor_enabled = true
        user.otp_secret = User.generate_otp_secret(32)
+        user.generate_otp_backup_codes!
      end
    end

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -217,6 +217,24 @@ describe User do
    end
  end

+  describe '#disable_two_factor!' do
+    it 'clears all 2FA-related fields' do
+      user = create(:user, :two_factor)
+
+      expect(user).to be_two_factor_enabled
+      expect(user.encrypted_otp_secret).not_to be_nil
+      expect(user.otp_backup_codes).not_to be_nil
+
+      user.disable_two_factor!
+
+      expect(user).not_to be_two_factor_enabled
+      expect(user.encrypted_otp_secret).to be_nil
+      expect(user.encrypted_otp_secret_iv).to be_nil
+      expect(user.encrypted_otp_secret_salt).to be_nil
+      expect(user.otp_backup_codes).to be_nil
+    end
+  end
+
  describe 'projects' do
    before do
      @user = create :user