FIX: Use user account email instead of auth email when totp is enabled.

https://meta.discourse.org/t/github-2fa-flow-broken/88674
This commit is contained in:
Guo Xiang Tan 2018-05-30 12:14:04 +08:00
parent 543b7cddfb
commit 21e9315416
2 changed files with 8 additions and 1 deletions


@ -120,6 +120,7 @@ class Users::OmniauthCallbacksController < ApplicationController
def user_found(user) def user_found(user)
if user.totp_enabled? if user.totp_enabled?
@auth_result.omniauth_disallow_totp = true @auth_result.omniauth_disallow_totp = true
@auth_result.email = user.email
return return
end end
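Review bot: The account's email is written into the auth result before the second factor has been checked, so the callback response now reveals the account's current address to whoever completed only the provider login, and the new spec asserts exactly that a differing address comes back. That may be acceptable if the client only needs a display value for the TOTP prompt, but the reasoning is not recorded anywhere near the new line; a short why-comment would stop a later maintainer from "fixing" it back to the provider email, e.g. `# The provider's email can differ from the account's; once TOTP is required, report the account's.`. It is also worth confirming that no other field of `@auth_result` (anything describing the provider email's validity) still refers to the provider address while `email` now holds the account's. The `user_found` method continues past the end of the hunk.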


@ -140,12 +140,18 @@ RSpec.describe Users::OmniauthCallbacksController do
it 'should return the right response' do it 'should return the right response' do
get "/auth/google_oauth2/callback.json" get "/auth/google_oauth2/callback.json"
expect(response).to be_success expect(response.status).to eq(200)
response_body = JSON.parse(response.body) response_body = JSON.parse(response.body)
expect(response_body["email"]).to eq(user.email) expect(response_body["email"]).to eq(user.email)
expect(response_body["omniauth_disallow_totp"]).to eq(true) expect(response_body["omniauth_disallow_totp"]).to eq(true)
user.update!(email: 'different@user.email')
get "/auth/google_oauth2/callback.json"
expect(response.status).to eq(200)
expect(JSON.parse(response.body)["email"]).to eq(user.email)
end end
end end
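Review bot: The example `it 'should return the right response'` now checks two behaviours in one block — the initial callback and a second `get` after `user.update!(email: 'different@user.email')` — so a failure on the second request cannot be told apart from a regression in the first, and the example name no longer says what is being verified. Moving the second half into its own example, for instance `it 'returns the account email when it differs from the provider email'`, would document the fix this commit makes. The switch from `expect(response).to be_success` to `expect(response.status).to eq(200)` is unrelated to the stated fix and would be easier to review in its own commit. The example itself is complete within the hunk, but the enclosing describe/context block begins outside it.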