From 4c1c4ba8d42db4d1c732af69c39740d2aee91410 Mon Sep 17 00:00:00 2001 From: Jeff Wong Date: Fri, 24 Jan 2025 11:50:52 -0800 Subject: [PATCH] FIX: enforce second factor with subfolders (#30992) fix an improper redirect when enforcing second factor under a subfolder install --- app/controllers/application_controller.rb | 2 +- spec/requests/application_controller_spec.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 69bb118b416..631ea3ea65a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -893,7 +893,7 @@ class ApplicationController < ActionController::Base redirect_path = path("/u/#{current_user.encoded_username}/preferences/second-factor") if !request.fullpath.start_with?(redirect_path) - redirect_to path(redirect_path) + redirect_to redirect_path nil end end diff --git a/spec/requests/application_controller_spec.rb b/spec/requests/application_controller_spec.rb index 242c7b373f8..0bd21a53cf0 100644 --- a/spec/requests/application_controller_spec.rb +++ b/spec/requests/application_controller_spec.rb @@ -142,6 +142,15 @@ RSpec.describe ApplicationController do expect(response).to redirect_to("/u/#{admin.username}/preferences/second-factor") end + it "should properly redirect admins when enforce_second_factor is 'all' in subfolder" do + set_subfolder "/forum" + SiteSetting.enforce_second_factor = "all" + sign_in(admin) + + get "/" + expect(response).to redirect_to("/forum/u/#{admin.username}/preferences/second-factor") + end + it "should redirect users when enforce_second_factor is 'all'" do SiteSetting.enforce_second_factor = "all" sign_in(user)