github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-04-30 03:14:35 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: password reset with security key (#27358)

Browse Source 
This regressed in 0434112.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
This commit is contained in:
Jan Cernik 2024-06-05 20:26:22 -03:00 committed by GitHub
parent f66d317ee0
commit 343430fe77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/discourse/app/controllers/password-reset.js
View File

@ -136,6 +136,10 @@ export default Controller.extend(PasswordValidation, {
}, },
authenticateSecurityKey() { authenticateSecurityKey() {
this.set(
"selectedSecondFactorMethod",
SECOND_FACTOR_METHODS.SECURITY_KEY
);
getWebauthnCredential( getWebauthnCredential(
this.model.challenge, this.model.challenge,
this.model.allowed_credential_ids, this.model.allowed_credential_ids,

42
spec/system/login_spec.rb
View File

@ -4,7 +4,9 @@ require "rotp"
shared_examples "login scenarios" do shared_examples "login scenarios" do
let(:login_modal) { PageObjects::Modals::Login.new } let(:login_modal) { PageObjects::Modals::Login.new }
let(:user_preferences_security_page) { PageObjects::Pages::UserPreferencesSecurity.new }
fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") } fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") }
let(:user_menu) { PageObjects::Components::UserMenu.new }
before { Jobs.run_immediately! } before { Jobs.run_immediately! }
@ -224,6 +226,46 @@ shared_examples "login scenarios" do
find(".change-password-form .btn-primary").click find(".change-password-form .btn-primary").click
expect(page).to have_css(".header-dropdown-toggle.current-user") expect(page).to have_css(".header-dropdown-toggle.current-user")
end end
it "can reset password with a security key" do
# testing the 2FA flow requires a user that was created > 5 minutes ago
user.created_at = 6.minutes.ago
user.save!
sign_in(user)
options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
authenticator = page.driver.browser.add_virtual_authenticator(options)
user_preferences_security_page.visit(user)
user_preferences_security_page.visit_second_factor("supersecurepassword")
find(".security-key .new-security-key").click
expect(user_preferences_security_page).to have_css("input#security-key-name")
find(".d-modal__body input#security-key-name").fill_in(with: "First Key")
find(".add-security-key").click
expect(user_preferences_security_page).to have_css(".security-key .second-factor-item")
user_menu.sign_out
# reset password flow
login_modal.open
login_modal.fill_username("john")
login_modal.forgot_password
find("button.forgot-password-reset").click
reset_password_link = wait_for_email_link(user, :reset_password)
visit reset_password_link
find("#security-key .btn-primary").click
find("#new-account-password").fill_in(with: "newsuperpassword")
find(".change-password-form .btn-primary").click
expect(page).to have_css(".header-dropdown-toggle.current-user")
ensure
# clear authenticator (otherwise it will interfere with other tests)
authenticator&.remove!
end
end end
end end