FIX: password reset with security key (#27358)

This regressed in 0434112. Co-authored-by: Penar Musaraj <pmusaraj@gmail.com> Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-06-05 20:26:22 -03:00 · 2024-06-05 20:26:22 -03:00 · 343430fe77
parent f66d317ee0
commit 343430fe77
2 changed files with 46 additions and 0 deletions
--- a/app/assets/javascripts/discourse/app/controllers/password-reset.js
+++ b/app/assets/javascripts/discourse/app/controllers/password-reset.js
@ -136,6 +136,10 @@ export default Controller.extend(PasswordValidation, {
    },

    authenticateSecurityKey() {
+      this.set(
+        "selectedSecondFactorMethod",
+        SECOND_FACTOR_METHODS.SECURITY_KEY
+      );
      getWebauthnCredential(
        this.model.challenge,
        this.model.allowed_credential_ids,
--- a/spec/system/login_spec.rb
+++ b/spec/system/login_spec.rb
@ -4,7 +4,9 @@ require "rotp"

 shared_examples "login scenarios" do
  let(:login_modal) { PageObjects::Modals::Login.new }
+  let(:user_preferences_security_page) { PageObjects::Pages::UserPreferencesSecurity.new }
  fab!(:user) { Fabricate(:user, username: "john", password: "supersecurepassword") }
+  let(:user_menu) { PageObjects::Components::UserMenu.new }

  before { Jobs.run_immediately! }

@ -224,6 +226,46 @@ shared_examples "login scenarios" do
      find(".change-password-form .btn-primary").click
      expect(page).to have_css(".header-dropdown-toggle.current-user")
    end
+
+    it "can reset password with a security key" do
+      # testing the 2FA flow requires a user that was created > 5 minutes ago
+      user.created_at = 6.minutes.ago
+      user.save!
+      sign_in(user)
+      options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
+      authenticator = page.driver.browser.add_virtual_authenticator(options)
+
+      user_preferences_security_page.visit(user)
+      user_preferences_security_page.visit_second_factor("supersecurepassword")
+
+      find(".security-key .new-security-key").click
+      expect(user_preferences_security_page).to have_css("input#security-key-name")
+
+      find(".d-modal__body input#security-key-name").fill_in(with: "First Key")
+      find(".add-security-key").click
+
+      expect(user_preferences_security_page).to have_css(".security-key .second-factor-item")
+
+      user_menu.sign_out
+
+      # reset password flow
+      login_modal.open
+      login_modal.fill_username("john")
+      login_modal.forgot_password
+      find("button.forgot-password-reset").click
+
+      reset_password_link = wait_for_email_link(user, :reset_password)
+      visit reset_password_link
+
+      find("#security-key .btn-primary").click
+
+      find("#new-account-password").fill_in(with: "newsuperpassword")
+      find(".change-password-form .btn-primary").click
+      expect(page).to have_css(".header-dropdown-toggle.current-user")
+    ensure
+      # clear authenticator (otherwise it will interfere with other tests)
+      authenticator&.remove!
+    end
  end
 end