Merge branch 'sh-fix-otp-backup-invalidation-10-5' into 'security-10-5'

Ensure that OTP backup codes are always invalidated - 10.5 port See merge request gitlab/gitlabhq!2324
author: Douwe Maan <douwe@gitlab.com> 2018-02-09 15:02:11 +0000
committer: Robert Speicher <rspeicher@gmail.com> 2018-02-27 11:25:01 -0600
commit: 42db432d03cf4dca3a1f3b7a1d6133ade109b1d0 (patch)
tree: 75855d46715d20f994be0e95ef2dbf4430b568d4 /spec
parent: b951e0d17739c669cafd6cd6e916f593b995aa62 (diff)
download: gitlab-ce-42db432d03cf4dca3a1f3b7a1d6133ade109b1d0.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
index 6dfabcc7225..1a4b26b2822 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/login_spec.rb
@@ -125,6 +125,18 @@ feature 'Login' do
             expect { enter_code(codes.sample) }
               .to change { user.reload.otp_backup_codes.size }.by(-1)
           end
+
+          it 'invalidates backup codes twice in a row' do
+            random_code = codes.delete(codes.sample)
+            expect { enter_code(random_code) }
+              .to change { user.reload.otp_backup_codes.size }.by(-1)
+
+            gitlab_sign_out
+            gitlab_sign_in(user)
+
+            expect { enter_code(codes.sample) }
+              .to change { user.reload.otp_backup_codes.size }.by(-1)
+          end
         end
 
         context 'with invalid code' do
author	Douwe Maan <douwe@gitlab.com>	2018-02-09 15:02:11 +0000
committer	Robert Speicher <rspeicher@gmail.com>	2018-02-27 11:25:01 -0600
commit	42db432d03cf4dca3a1f3b7a1d6133ade109b1d0 (patch)
tree	75855d46715d20f994be0e95ef2dbf4430b568d4 /spec
parent	b951e0d17739c669cafd6cd6e916f593b995aa62 (diff)
download	gitlab-ce-42db432d03cf4dca3a1f3b7a1d6133ade109b1d0.tar.gz