FIX: password reset with security key

This regressed in 0434112. No fix here yet, this is a draft PR with a passing test (but it is incomplete).
2024-06-05 15:35:09 -04:00 · 2024-06-05 15:35:09 -04:00 · 1b53f3ac21
parent 729063e485
commit 1b53f3ac21
2 changed files with 47 additions and 5 deletions
--- a/app/assets/javascripts/discourse/app/controllers/password-reset.js
+++ b/app/assets/javascripts/discourse/app/controllers/password-reset.js
@ -35,10 +35,10 @@ export default Controller.extend(PasswordValidation, {
  redirected: false,
  maskPassword: true,

-  init() {
-    this._super(...arguments);
-    this.set("selectedSecondFactorMethod", this.secondFactorMethod);
-  },
+  // init() {
+  //   this._super(...arguments);
+  //   this.set("selectedSecondFactorMethod", this.secondFactorMethod);
+  // },

  @discourseComputed()
  continueButtonText() {
@ -78,7 +78,7 @@ export default Controller.extend(PasswordValidation, {
          password: this.accountPassword,
          second_factor_token:
            this.securityKeyCredential || this.secondFactorToken,
-          second_factor_method: this.selectedSecondFactorMethod,
+          second_factor_method: this.secondFactorMethod,
          timezone: moment.tz.guess(),
        },
      })
--- a/spec/system/login_spec.rb
+++ b/spec/system/login_spec.rb
@ -4,7 +4,9 @@ require "rotp"

 shared_examples "login scenarios" do
  let(:login_modal) { PageObjects::Modals::Login.new }
+  let(:user_preferences_security_page) { PageObjects::Pages::UserPreferencesSecurity.new }
  fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") }
+  let(:user_menu) { PageObjects::Components::UserMenu.new }

  before { Jobs.run_immediately! }

@ -224,6 +226,46 @@ shared_examples "login scenarios" do
      find(".change-password-form .btn-primary").click
      expect(page).to have_css(".header-dropdown-toggle.current-user")
    end
+
+    it "can reset password with a security key" do
+      # testing the 2FA flow requires a user that was created > 5 minutes ago
+      user.created_at = 6.minutes.ago
+      user.save!
+      sign_in(user)
+      options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
+      authenticator = page.driver.browser.add_virtual_authenticator(options)
+
+      user_preferences_security_page.visit(user)
+      user_preferences_security_page.visit_second_factor("supersecurepassword")
+
+      find(".security-key .new-security-key").click
+      expect(user_preferences_security_page).to have_css("input#security-key-name")
+
+      find(".d-modal__body input#security-key-name").fill_in(with: "First Key")
+      find(".add-security-key").click
+
+      expect(user_preferences_security_page).to have_css(".security-key .second-factor-item")
+
+      user_menu.sign_out
+
+      # reset password flow
+      login_modal.open
+      login_modal.fill_username("john")
+      login_modal.forgot_password
+      find("button.forgot-password-reset").click
+
+      reset_password_link = wait_for_email_link(user, :reset_password)
+      visit reset_password_link
+
+      find("#security-key .btn-primary").click
+
+      find("#new-account-password").fill_in(with: "newsuperpassword")
+      find(".change-password-form .btn-primary").click
+      expect(page).to have_css(".header-dropdown-toggle.current-user")
+
+      # clear authenticator (otherwise it will interfere with other tests)
+      authenticator.remove!
+    end
  end
 end