authorRobert Speicher <rspeicher@gmail.com>2016-02-29 13:56:40 -0500
committerRobert Speicher <rspeicher@gmail.com>2016-02-29 13:56:40 -0500
commit3334c3fc7026497fc9da258824795c0ce23a8ffd (patch)
tree319a10073764e84cd0fc7855c7ff26b872a41776
parent333ad73e765d87fa1ccbd4a361f7f172c790f897 (diff)
Reset `otp_grace_period_started_at` after disabling 2FA
Previously, if a user enabled 2FA, then disabled it and came back some time after the grace period had expired, they would be forced to enable 2FA immediately.
-rw-r--r--app/models/user.rb11
-rw-r--r--spec/factories.rb1
-rw-r--r--spec/models/user_spec.rb2
3 files changed, 9 insertions, 5 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 6baf2468ade..4bc4ab8de7f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -362,11 +362,12 @@ class User < ActiveRecord::Base
def disable_two_factor!
update_attributes(
- two_factor_enabled: false,
- encrypted_otp_secret: nil,
- encrypted_otp_secret_iv: nil,
- encrypted_otp_secret_salt: nil,
- otp_backup_codes: nil
+ two_factor_enabled: false,
+ encrypted_otp_secret: nil,
+ encrypted_otp_secret_iv: nil,
+ encrypted_otp_secret_salt: nil,
+ otp_grace_period_started_at: nil,
+ otp_backup_codes: nil
)
end
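Review bot: `update_attributes` runs validations and returns false instead of raising, so in `disable_two_factor!` a record that fails any validation keeps its OTP secret, backup codes and grace-period timestamp while the caller sees no error. The bang name suggests the raising variant; consider `update_attributes!(` here, or make sure callers check the return value. The callers are outside this hunk, so confirm which behaviour they expect. A short why-comment on the new line would also help the next reader, e.g. `# cleared so a later grace period starts fresh instead of appearing already expired`.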
diff --git a/spec/factories.rb b/spec/factories.rb
index 264e3ed2c8d..cd57661c1cd 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -32,6 +32,7 @@ FactoryGirl.define do
before(:create) do |user|
user.two_factor_enabled = true
user.otp_secret = User.generate_otp_secret(32)
+ user.otp_grace_period_started_at = Time.now
user.generate_otp_backup_codes!
end
end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 88821dd0dad..7ad7aab2eec 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -268,6 +268,7 @@ describe User, models: true do
expect(user).to be_two_factor_enabled
expect(user.encrypted_otp_secret).not_to be_nil
expect(user.otp_backup_codes).not_to be_nil
+ expect(user.otp_grace_period_started_at).not_to be_nil
user.disable_two_factor!
@@ -276,6 +277,7 @@ describe User, models: true do
expect(user.encrypted_otp_secret_iv).to be_nil
expect(user.encrypted_otp_secret_salt).to be_nil
expect(user.otp_backup_codes).to be_nil
+ expect(user.otp_grace_period_started_at).to be_nil
end
end
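Review bot: The expectations after `user.disable_two_factor!` read the in-memory object, so they pass even when the update was never saved, because the attributes are assigned before validation runs. Reloading first would pin persistence, for example `expect(user.reload.otp_grace_period_started_at).to be_nil` on the added line. The precondition added in the previous hunk (`not_to be_nil`) holds only because the factory now sets the timestamp. The spec also checks the column rather than the behaviour the commit message describes; a test at the point where the grace period is enforced, which is outside this diff, would cover the regression itself. The enclosing example starts above the hunk.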