authorJames Lopez <james@gitlab.com>2019-05-22 07:59:15 +0000
committerJames Lopez <james@gitlab.com>2019-05-22 07:59:15 +0000
commit1645cec1298c7cabefaa8fbc05f0774074a8f521 (patch)
treed4643f342945ca45f3fe71c1ba34118a9dc88349
parent6d495d6589dc874a623a849b85495569fbffd746 (diff)
parentfa3aa0c5a7e8910a658572dce3ad5291e1112db1 (diff)
downloadgitlab-ce-1645cec1298c7cabefaa8fbc05f0774074a8f521.tar.gz
Merge branch '61441' into 'master'
#61441 Allow user to set email ID before setting up 2FA See merge request gitlab-org/gitlab-ce!28097
-rw-r--r--app/controllers/concerns/enforces_two_factor_authentication.rb2
-rw-r--r--changelogs/unreleased/61441.yml5
-rw-r--r--spec/controllers/application_controller_spec.rb21
3 files changed, 24 insertions, 4 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index 71bdef8ce03..0fddf15d197 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -16,7 +16,7 @@ module EnforcesTwoFactorAuthentication
end
def check_two_factor_requirement
- if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor?
+ if two_factor_authentication_required? && current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? && !skip_two_factor?
redirect_to profile_two_factor_auth_path
end
end
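Review bot: The added `!current_user.temp_oauth_email?` term in `check_two_factor_requirement` switches off the 2FA redirect for such an account on every request that runs this filter, not only on the page where the email is set. Nothing in this hunk shows what confines a temp-email user to the email form, so enforcement presumably depends on another filter elsewhere; that dependency should be stated above the condition, e.g. `# Temp OAuth email users must set a real email first (enforced elsewhere); 2FA is required as soon as they do`. The condition now chains five terms on one line, so moving it into a named private predicate would make the exemption easier to audit. The rest of the module lies outside the hunk.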
diff --git a/changelogs/unreleased/61441.yml b/changelogs/unreleased/61441.yml
new file mode 100644
index 00000000000..2ad0c6f62d3
--- /dev/null
+++ b/changelogs/unreleased/61441.yml
@@ -0,0 +1,5 @@
+---
+title: Allow user to set primary email first when 2FA is required
+merge_request: 28097
+author: Kartikey Tanna
+type: fixed
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 7296a4b4526..5ecd1b6b7c8 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -206,8 +206,19 @@ describe ApplicationController do
describe '#check_two_factor_requirement' do
subject { controller.send :check_two_factor_requirement }
+ it 'does not redirect if user has temporary oauth email' do
+ oauth_user = create(:user, email: 'temp-email-for-oauth@email.com')
+ allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
+ allow(controller).to receive(:current_user).and_return(oauth_user)
+
+ expect(controller).not_to receive(:redirect_to)
+
+ subject
+ end
+
it 'does not redirect if 2FA is not required' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(false)
+
expect(controller).not_to receive(:redirect_to)
subject
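Review bot: The new example 'does not redirect if user has temporary oauth email' depends on the literal `'temp-email-for-oauth@email.com'` matching whatever `temp_oauth_email?` checks, and that predicate's definition is not visible here. It also leaves `two_factor_enabled?` and `skip_two_factor?` unstubbed, so it does not prove that the new term is what suppresses the redirect. Pinning the other terms with `allow(oauth_user).to receive(:two_factor_enabled?).and_return(false)` and `allow(controller).to receive(:skip_two_factor?).and_return(false)` would make the exemption the only reason the example passes. A companion example asserting that the same user is redirected once the email is no longer temporary would guard against the exemption outliving its purpose.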
@@ -216,6 +227,7 @@ describe ApplicationController do
it 'does not redirect if user is not logged in' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
allow(controller).to receive(:current_user).and_return(nil)
+
expect(controller).not_to receive(:redirect_to)
subject
@@ -223,8 +235,9 @@ describe ApplicationController do
it 'does not redirect if user has 2FA enabled' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
- allow(controller).to receive(:current_user).twice.and_return(user)
+ allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(true)
+
expect(controller).not_to receive(:redirect_to)
subject
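Review bot: Changing `.twice` to `.thrice` on the `current_user` stub ties this example to the exact number of times the condition reads `current_user`, as the need for this edit shows. The same change is repeated in the 'does not redirect if 2FA setup can be skipped' and 'redirects to 2FA setup otherwise' examples in the following hunks. Dropping the count constraint, `allow(controller).to receive(:current_user).and_return(user)`, keeps these examples about the redirect decision, so the next term added to the guard does not need another round of count bumps.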
@@ -232,9 +245,10 @@ describe ApplicationController do
it 'does not redirect if 2FA setup can be skipped' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
- allow(controller).to receive(:current_user).twice.and_return(user)
+ allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(false)
allow(controller).to receive(:skip_two_factor?).and_return(true)
+
expect(controller).not_to receive(:redirect_to)
subject
@@ -242,10 +256,11 @@ describe ApplicationController do
it 'redirects to 2FA setup otherwise' do
allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
- allow(controller).to receive(:current_user).twice.and_return(user)
+ allow(controller).to receive(:current_user).thrice.and_return(user)
allow(user).to receive(:two_factor_enabled?).and_return(false)
allow(controller).to receive(:skip_two_factor?).and_return(false)
allow(controller).to receive(:profile_two_factor_auth_path)
+
expect(controller).to receive(:redirect_to)
subject