author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-01 16:52:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-01 16:52:41 +0000 |
commit | a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch) | |
tree | 15c063738d999a0aff035c4842885276a9ab6ac4 /spec/features | |
parent | 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff) | |
download | gitlab-ce-a986819a7bce2002018dfafed3900dc3f2e8fb81.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'spec/features')
-rw-r--r-- | spec/features/users/login_spec.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 2d0fcfe84e6..6f6ebe34c03 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -177,6 +177,14 @@ RSpec.describe 'Login' do
 expect(page).not_to have_content(I18n.t('devise.failure.already_authenticated'))
 end
+ it 'does not allow sign-in if the user password is updated before entering a one-time code' do
+ user.update!(password: 'new_password')
+
+ enter_code(user.current_otp)
+
+ expect(page).to have_content('An error occurred. Please sign in again.')
+ end
+
 context 'using one-time code' do
 it 'allows login with valid code' do
 expect(authentication_metrics)
@@ -232,7 +240,7 @@ RSpec.describe 'Login' do
 expect(codes.size).to eq 10
 # Ensure the generated codes get saved
- user.save
+ user.save(touch: false)
 end
 context 'with valid code' do
@@ -290,7 +298,7 @@ RSpec.describe 'Login' do
 code = codes.sample
 expect(user.invalidate_otp_backup_code!(code)).to eq true
- user.save!
+ user.save!(touch: false)
 expect(user.reload.otp_backup_codes.size).to eq 9
 enter_code(code) |
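Review bot: The new example `does not allow sign-in if the user password is updated before entering a one-time code` asserts only the flash text, so it would still pass if the message were rendered while a session was nonetheless established. Pairing it with a check that the browser is back on the sign-in form, e.g. `expect(current_path).to eq new_user_session_path`, would pin the security property rather than just the wording. The example also exercises only the TOTP path; a sibling example that enters a backup code after the password change would cover the backup-code flow touched by the later hunks. The login setup that runs before `enter_code` sits in a `before` block outside this hunk, so this is based on the visible lines only.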
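Review bot: `user.save(touch: false)` in the setup block at -232 returns false on a validation failure instead of raising, so the generated backup codes could silently go unsaved and the examples below would run against stale data; the hunk at -290 already uses the bang form, so `user.save!(touch: false)` here would be consistent. Neither hunk says why `touch: false` is needed. Presumably the fix compares a user timestamp with the time the password step completed, and a touching save would invalidate the pending login, but the production change is not in this diff, so confirm the field before documenting it. A short comment such as `# touch: false so the save does not bump the timestamp that invalidates an in-progress 2FA login` on both calls would keep a later cleanup from reverting them. The enclosing `before` block and example start outside the hunks.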