FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542)

Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around.
2025-05-22 16:21:18 +08:00 · 2022-04-25 14:49:36 -03:00
parent 596469a712
commit 068e93534c
4 changed files with 25 additions and 2 deletions
--- a/spec/lib/validators/enable_sso_validator_spec.rb
+++ b/spec/lib/validators/enable_sso_validator_spec.rb
@ -62,5 +62,22 @@ RSpec.describe EnableSsoValidator do
      end
    end

+    describe 'when 2FA is enforced' do
+      before do
+        SiteSetting.discourse_connect_url = "https://www.example.com/sso"
+      end
+
+      it 'should be invalid' do
+        SiteSetting.enforce_second_factor = 'all'
+
+        expect(subject.valid_value?('t')).to eq(false)
+      end
+
+      it 'should be valid' do
+        SiteSetting.enforce_second_factor = 'no'
+
+        expect(subject.valid_value?('t')).to eq(true)
+      end
+    end
  end
 end