author | Douwe Maan <douwe@gitlab.com> | 2018-02-09 15:02:11 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2018-02-27 11:25:01 -0600 |
commit | 42db432d03cf4dca3a1f3b7a1d6133ade109b1d0 (patch) | |
tree | 75855d46715d20f994be0e95ef2dbf4430b568d4 /spec | |
parent | b951e0d17739c669cafd6cd6e916f593b995aa62 (diff) | |
download | gitlab-ce-42db432d03cf4dca3a1f3b7a1d6133ade109b1d0.tar.gz |
Merge branch 'sh-fix-otp-backup-invalidation-10-5' into 'security-10-5'
Ensure that OTP backup codes are always invalidated - 10.5 port
See merge request gitlab/gitlabhq!2324
Diffstat (limited to 'spec')
-rw-r--r-- | spec/features/login_spec.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
index 6dfabcc7225..1a4b26b2822 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/login_spec.rb
@@ -125,6 +125,18 @@ feature 'Login' do
 expect { enter_code(codes.sample) }
 .to change { user.reload.otp_backup_codes.size }.by(-1)
 end
+
+ it 'invalidates backup codes twice in a row' do
+ random_code = codes.delete(codes.sample)
+ expect { enter_code(random_code) }
+ .to change { user.reload.otp_backup_codes.size }.by(-1)
+
+ gitlab_sign_out
+ gitlab_sign_in(user)
+
+ expect { enter_code(codes.sample) }
+ .to change { user.reload.otp_backup_codes.size }.by(-1)
+ end
 end
 context 'with invalid code' do |
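Review bot: The new example 'invalidates backup codes twice in a row' only asserts that `otp_backup_codes.size` drops by one per login, so it would still pass if the wrong entry were removed or if the consumed `random_code` stayed usable. Since the property being protected is that a used backup code can never be replayed, I would add a replay check after the second sign-in, for example `expect { enter_code(random_code) }.not_to change { user.reload.otp_backup_codes.size }`, together with an assertion that the login is rejected. Both draws use `codes.sample`, which makes a failure hard to reproduce; fixed picks such as `codes.first` and `codes.last` would keep the example deterministic. The enclosing context, including the definitions of `codes` and `enter_code`, starts outside this hunk, and the diffstat is limited to `spec`, so the fix itself is not visible here.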