FIX: password reset with security key

This regressed in 0434112. No fix here yet, this is a draft PR with a
passing test (but it is incomplete).
This commit is contained in:
Penar Musaraj 2024-06-05 15:35:09 -04:00
parent 729063e485
commit 1b53f3ac21
No known key found for this signature in database
GPG Key ID: E390435D881FF0F7
2 changed files with 47 additions and 5 deletions

View File

@ -35,10 +35,10 @@ export default Controller.extend(PasswordValidation, {
redirected: false, redirected: false,
maskPassword: true, maskPassword: true,
init() { // init() {
this._super(...arguments); // this._super(...arguments);
this.set("selectedSecondFactorMethod", this.secondFactorMethod); // this.set("selectedSecondFactorMethod", this.secondFactorMethod);
}, // },
@discourseComputed() @discourseComputed()
continueButtonText() { continueButtonText() {
@ -78,7 +78,7 @@ export default Controller.extend(PasswordValidation, {
password: this.accountPassword, password: this.accountPassword,
second_factor_token: second_factor_token:
this.securityKeyCredential || this.secondFactorToken, this.securityKeyCredential || this.secondFactorToken,
second_factor_method: this.selectedSecondFactorMethod, second_factor_method: this.secondFactorMethod,
timezone: moment.tz.guess(), timezone: moment.tz.guess(),
}, },
}) })

View File

@ -4,7 +4,9 @@ require "rotp"
shared_examples "login scenarios" do shared_examples "login scenarios" do
let(:login_modal) { PageObjects::Modals::Login.new } let(:login_modal) { PageObjects::Modals::Login.new }
let(:user_preferences_security_page) { PageObjects::Pages::UserPreferencesSecurity.new }
fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") } fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") }
let(:user_menu) { PageObjects::Components::UserMenu.new }
before { Jobs.run_immediately! } before { Jobs.run_immediately! }
@ -224,6 +226,46 @@ shared_examples "login scenarios" do
find(".change-password-form .btn-primary").click find(".change-password-form .btn-primary").click
expect(page).to have_css(".header-dropdown-toggle.current-user") expect(page).to have_css(".header-dropdown-toggle.current-user")
end end
it "can reset password with a security key" do
# testing the 2FA flow requires a user that was created > 5 minutes ago
user.created_at = 6.minutes.ago
user.save!
sign_in(user)
options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
authenticator = page.driver.browser.add_virtual_authenticator(options)
user_preferences_security_page.visit(user)
user_preferences_security_page.visit_second_factor("supersecurepassword")
find(".security-key .new-security-key").click
expect(user_preferences_security_page).to have_css("input#security-key-name")
find(".d-modal__body input#security-key-name").fill_in(with: "First Key")
find(".add-security-key").click
expect(user_preferences_security_page).to have_css(".security-key .second-factor-item")
user_menu.sign_out
# reset password flow
login_modal.open
login_modal.fill_username("john")
login_modal.forgot_password
find("button.forgot-password-reset").click
reset_password_link = wait_for_email_link(user, :reset_password)
visit reset_password_link
find("#security-key .btn-primary").click
find("#new-account-password").fill_in(with: "newsuperpassword")
find(".change-password-form .btn-primary").click
expect(page).to have_css(".header-dropdown-toggle.current-user")
# clear authenticator (otherwise it will interfere with other tests)
authenticator.remove!
end
end end
end end