FEATURE: Disallow login via omniauth when user has 2FA enabled.

2025-05-22 22:43:33 +08:00 · 2018-03-01 15:47:07 +08:00
parent 0fabf80dca
commit fb75f188ba
7 changed files with 77 additions and 25 deletions
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@ -132,6 +132,23 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(user.registration_ip_address).to be_present
      end

+      context 'when user has second factor enabled' do
+        before do
+          user.create_totp(enabled: true)
+        end
+
+        it 'should return the right response' do
+          get "/auth/google_oauth2/callback.json"
+
+          expect(response).to be_success
+
+          response_body = JSON.parse(response.body)
+
+          expect(response_body["email"]).to eq(user.email)
+          expect(response_body["omniauth_disallow_totp"]).to eq(true)
+        end
+      end
+
      context 'when user has not verified his email' do
        before do
          GoogleUserInfo.create!(google_user_id: '12345', user: user)