BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
5cd526f7
Commit
5cd526f7
authored
May 09, 2015
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Prevent "You are already signed in." error message upon 2FA login
parent
76873ce4
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
3 deletions
+26
-3
sessions_controller.rb
app/controllers/sessions_controller.rb
+8
-2
login_spec.rb
spec/features/login_spec.rb
+18
-1
No files found.
app/controllers/sessions_controller.rb
View file @
5cd526f7
class
SessionsController
<
Devise
::
SessionsController
prepend_before_action
:authenticate_with_two_factor
,
only: :create
prepend_before_action
:authenticate_with_two_factor
,
only:
[
:create
]
# This action comes from DeviseController, but because we call `sign_in`
# manually inside `authenticate_with_two_factor`, not skipping this action
# would cause a "You are already signed in." error message to be shown upon
# successful login.
skip_before_action
:require_no_authentication
,
only:
[
:create
]
def
new
redirect_path
=
...
...
@@ -61,7 +67,7 @@ class SessionsController < Devise::SessionsController
# Remove any lingering user data from login
session
.
delete
(
:otp_user_id
)
sign_in
(
user
)
sign_in
(
user
)
and
return
else
flash
.
now
[
:alert
]
=
'Invalid two-factor code.'
render
:two_factor
and
return
...
...
spec/features/login_spec.rb
View file @
5cd526f7
...
...
@@ -15,6 +15,11 @@ feature 'Login' do
click_button
'Verify code'
end
it
'does not show a "You are already signed in." error message'
do
enter_code
(
user
.
current_otp
)
expect
(
page
).
not_to
have_content
(
'You are already signed in.'
)
end
context
'using one-time code'
do
it
'allows login with valid code'
do
enter_code
(
user
.
current_otp
)
...
...
@@ -66,7 +71,7 @@ feature 'Login' do
expect
(
user
.
reload
.
otp_backup_codes
.
size
).
to
eq
9
enter_code
(
code
)
expect
(
page
).
to
have_content
(
'Invalid two-factor code'
)
expect
(
page
).
to
have_content
(
'Invalid two-factor code
.
'
)
end
end
end
...
...
@@ -80,5 +85,17 @@ feature 'Login' do
login_with
(
user
)
expect
(
current_path
).
to
eq
root_path
end
it
'does not show a "You are already signed in." error message'
do
login_with
(
user
)
expect
(
page
).
not_to
have_content
(
'You are already signed in.'
)
end
it
'blocks invalid login'
do
user
=
create
(
:user
,
password:
'not-the-default'
)
login_with
(
user
)
expect
(
page
).
to
have_content
(
'Invalid email or password.'
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment