FIX: Missing 2FA guards when sso is enabled or when local login is disabled.

2025-09-04 08:47:37 +08:00 · 2018-03-02 10:37:13 +08:00 · 2018-03-02 10:37:13 +08:00 · 939180efa8
commit 939180efa8
parent e19ae6c55e
4 changed files with 46 additions and 1 deletions
--- a/spec/components/concern/second_factor_manager_spec.rb
+++ b/spec/components/concern/second_factor_manager_spec.rb
@ -89,5 +89,22 @@ RSpec.describe SecondFactorManager do
        expect(user.totp_enabled?).to eq(true)
      end
    end
+
+    describe 'when SSO is enabled' do
+      it 'should return false' do
+        SiteSetting.sso_url = 'http://someurl.com'
+        SiteSetting.enable_sso = true
+
+        expect(user.totp_enabled?).to eq(false)
+      end
+    end
+
+    describe 'when local login is disabled' do
+      it 'should return false' do
+        SiteSetting.enable_local_logins = false
+
+        expect(user.totp_enabled?).to eq(false)
+      end
+    end
  end
 end
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -431,6 +431,31 @@ RSpec.describe UsersController do
          )
        end

+        describe 'when local logins are disabled' do
+          it 'should return the right response' do
+            SiteSetting.enable_local_logins = false
+
+            post "/users/second_factors.json", params: {
+              password: 'somecomplicatedpassword'
+            }
+
+            expect(response.status).to eq(404)
+          end
+        end
+
+        describe 'when SSO is enabled' do
+          it 'should return the right response' do
+            SiteSetting.sso_url = 'http://someurl.com'
+            SiteSetting.enable_sso = true
+
+            post "/users/second_factors.json", params: {
+              password: 'somecomplicatedpassword'
+            }
+
+            expect(response.status).to eq(404)
+          end
+        end
+
        it 'succeeds on correct password' do
          post "/users/second_factors.json", params: {
            password: 'somecomplicatedpassword'