From 1b53f3ac2127716b01646f861f3f672a1fc1c41d Mon Sep 17 00:00:00 2001
From: Penar Musaraj
Date: Wed, 5 Jun 2024 15:35:09 -0400
Subject: [PATCH] FIX: password reset with security key

This regressed in 0434112. No fix here yet, this is a draft PR with a passing test (but it is incomplete).
---
 .../app/controllers/password-reset.js | 10 ++---
 spec/system/login_spec.rb | 42 +++++++++++++++++++
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/app/assets/javascripts/discourse/app/controllers/password-reset.js b/app/assets/javascripts/discourse/app/controllers/password-reset.js
index d6787d93a7a..bf03cf4e492 100644
--- a/app/assets/javascripts/discourse/app/controllers/password-reset.js
+++ b/app/assets/javascripts/discourse/app/controllers/password-reset.js
@@ -35,10 +35,10 @@ export default Controller.extend(PasswordValidation, {
 redirected: false,
 maskPassword: true,
- init() {
- this._super(...arguments);
- this.set("selectedSecondFactorMethod", this.secondFactorMethod);
- },
+ // init() {
+ // this._super(...arguments);
+ // this.set("selectedSecondFactorMethod", this.secondFactorMethod);
+ // },
 @discourseComputed()
 continueButtonText() {
@@ -78,7 +78,7 @@ export default Controller.extend(PasswordValidation, {
 password: this.accountPassword,
 second_factor_token:
 this.securityKeyCredential || this.secondFactorToken,
- second_factor_method: this.selectedSecondFactorMethod,
+ second_factor_method: this.secondFactorMethod,
 timezone: moment.tz.guess(),
 },
 })
diff --git a/spec/system/login_spec.rb b/spec/system/login_spec.rb
index 42c1246635d..c3405cb397e 100644
--- a/spec/system/login_spec.rb
+++ b/spec/system/login_spec.rb
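Review bot: In password-reset.js the first hunk leaves `init()` behind as commented-out code, so `selectedSecondFactorMethod` is never set, and the second hunk now always submits `second_factor_method: this.secondFactorMethod`. If the reset form lets the user switch to a different second factor (not visible in these hunks), the request would pair the token they entered with the account's default method instead of the one they chose. I would delete the dead block rather than comment it out, and either restore the selected-method state or record the assumption next to the request, e.g. `// secondFactorMethod is the method the server asked for; this form does not switch methods`. The controller body continues outside both hunks.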
@@ -4,7 +4,9 @@ require "rotp"
 shared_examples "login scenarios" do
 let(:login_modal) { PageObjects::Modals::Login.new }
+ let(:user_preferences_security_page) { PageObjects::Pages::UserPreferencesSecurity.new }
 fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") }
+ let(:user_menu) { PageObjects::Components::UserMenu.new }
 before { Jobs.run_immediately! }
@@ -224,6 +226,46 @@ shared_examples "login scenarios" do
 find(".change-password-form .btn-primary").click
 expect(page).to have_css(".header-dropdown-toggle.current-user")
 end
+
+ it "can reset password with a security key" do
+ # testing the 2FA flow requires a user that was created > 5 minutes ago
+ user.created_at = 6.minutes.ago
+ user.save!
+ sign_in(user)
+ options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
+ authenticator = page.driver.browser.add_virtual_authenticator(options)
+
+ user_preferences_security_page.visit(user)
+ user_preferences_security_page.visit_second_factor("supersecurepassword")
+
+ find(".security-key .new-security-key").click
+ expect(user_preferences_security_page).to have_css("input#security-key-name")
+
+ find(".d-modal__body input#security-key-name").fill_in(with: "First Key")
+ find(".add-security-key").click
+
+ expect(user_preferences_security_page).to have_css(".security-key .second-factor-item")
+
+ user_menu.sign_out
+
+ # reset password flow
+ login_modal.open
+ login_modal.fill_username("john")
+ login_modal.forgot_password
+ find("button.forgot-password-reset").click
+
+ reset_password_link = wait_for_email_link(user, :reset_password)
+ visit reset_password_link
+
+ find("#security-key .btn-primary").click
+
+ find("#new-account-password").fill_in(with: "newsuperpassword")
+ find(".change-password-form .btn-primary").click
+ expect(page).to have_css(".header-dropdown-toggle.current-user")
+
+ # clear authenticator (otherwise it will interfere with other tests)
+ authenticator.remove!
+ end
 end
 end
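Review bot: In the new "can reset password with a security key" example, `authenticator.remove!` only runs when every step before it passes, so a failing expectation leaves the virtual authenticator attached to the browser session, which is the cross-test interference the comment itself warns about. Moving the cleanup into an `ensure` clause of the `it` block (`ensure` followed by `authenticator&.remove!`) or into an `after` hook makes it unconditional. The example also asserts only that the user ends up logged in; because it guards a 2FA path, a follow-up assertion that the new password works and the old one no longer does would pin the behaviour the eventual fix has to restore.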