FIX: Invalid token error incorrectly displayed on email login page.
parent
8964e75ad6
commit
b16471edfb
|
@ -238,20 +238,24 @@ class SessionController < ApplicationController
|
||||||
|
|
||||||
def email_login
|
def email_login
|
||||||
raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
|
raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
|
||||||
|
second_factor_token = params[:second_factor_token]
|
||||||
if params[:second_factor_token].present?
|
|
||||||
@error = I18n.t("login.invalid_second_factor_code")
|
|
||||||
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
|
|
||||||
end
|
|
||||||
|
|
||||||
token = params[:token]
|
token = params[:token]
|
||||||
valid_token = !!EmailToken.valid_token_format?(token)
|
valid_token = !!EmailToken.valid_token_format?(token)
|
||||||
user = EmailToken.confirmable(token)&.user
|
user = EmailToken.confirmable(token)&.user
|
||||||
|
|
||||||
if valid_token && user&.totp_enabled? && !user.authenticate_totp(params[:second_factor_token])
|
if valid_token && user&.totp_enabled?
|
||||||
@second_factor_required = true
|
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
|
||||||
@error = I18n.t('login.invalid_second_factor_code')
|
|
||||||
elsif user = EmailToken.confirm(token)
|
if !second_factor_token.present?
|
||||||
|
@second_factor_required = true
|
||||||
|
return render layout: 'no_ember'
|
||||||
|
elsif !user.authenticate_totp(second_factor_token)
|
||||||
|
@error = I18n.t('login.invalid_second_factor_code')
|
||||||
|
return render layout: 'no_ember'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if user = EmailToken.confirm(token)
|
||||||
if login_not_approved_for?(user)
|
if login_not_approved_for?(user)
|
||||||
@error = login_not_approved[:error]
|
@error = login_not_approved[:error]
|
||||||
elsif payload = login_error_check(user)
|
elsif payload = login_error_check(user)
|
||||||
|
|
|
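Review bot: The `RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!` call now sits above the `if !second_factor_token.present?` check, so merely loading the page to see the second-factor prompt uses one of the three hits allowed per minute and leaves only two real code submissions. Counting only verification attempts would avoid that, e.g. by appending `if second_factor_token.present?` to the `performed!` line. The limiter key is the remote IP alone, so it does not bound attempts against a single account that arrive from several addresses; a second limiter keyed on the user would cover that. The new `elsif !user.authenticate_totp(second_factor_token)` branch sets `@error` but no longer sets `@second_factor_required = true` as the old code did, which may leave the template without a code field to retry with, though the view is not shown here. `email_login` continues past the end of the hunk.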
@ -146,9 +146,15 @@ RSpec.describe SessionController do
|
||||||
|
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
|
|
||||||
expect(CGI.unescapeHTML(response.body)).to include(I18n.t(
|
response_body = CGI.unescapeHTML(response.body)
|
||||||
|
|
||||||
|
expect(response_body).to include(I18n.t(
|
||||||
"login.second_factor_title"
|
"login.second_factor_title"
|
||||||
))
|
))
|
||||||
|
|
||||||
|
expect(response_body).to_not include(I18n.t(
|
||||||
|
"login.invalid_second_factor_code"
|
||||||
|
))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
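Review bot: The added `to_not include` expectation pins only the first visit without a code; nothing in this hunk exercises the new `elsif !user.authenticate_totp(second_factor_token)` branch or the rate limiter that now also runs on that first visit. An example that submits a wrong `second_factor_token` and expects `login.invalid_second_factor_code` in the body, plus one that repeats the request until the limiter trips, would keep the error and throttling behaviour from regressing. Such examples may already exist outside the hunk, and the enclosing example starts above it.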