Prevent "You are already signed in." error message upon 2FA login
parent
76873ce4a4
commit
5cd526f77f
|
|
@ -1,5 +1,11 @@
|
||||||
class SessionsController < Devise::SessionsController
|
class SessionsController < Devise::SessionsController
|
||||||
prepend_before_action :authenticate_with_two_factor, only: :create
|
prepend_before_action :authenticate_with_two_factor, only: [:create]
|
||||||
|
|
||||||
|
# This action comes from DeviseController, but because we call `sign_in`
|
||||||
|
# manually inside `authenticate_with_two_factor`, not skipping this action
|
||||||
|
# would cause a "You are already signed in." error message to be shown upon
|
||||||
|
# successful login.
|
||||||
|
skip_before_action :require_no_authentication, only: [:create]
|
||||||
|
|
||||||
def new
|
def new
|
||||||
redirect_path =
|
redirect_path =
|
||||||
|
|
@ -61,7 +67,7 @@ class SessionsController < Devise::SessionsController
|
||||||
# Remove any lingering user data from login
|
# Remove any lingering user data from login
|
||||||
session.delete(:otp_user_id)
|
session.delete(:otp_user_id)
|
||||||
|
|
||||||
sign_in(user)
|
sign_in(user) and return
|
||||||
else
|
else
|
||||||
flash.now[:alert] = 'Invalid two-factor code.'
|
flash.now[:alert] = 'Invalid two-factor code.'
|
||||||
render :two_factor and return
|
render :two_factor and return
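Review bot: The added `skip_before_action :require_no_authentication, only: [:create]` drops the already-signed-in guard for every POST to `create`, not only for the request that completes two-factor verification, so an already authenticated session now reaches the inherited `create` as well. A bare `return` in a before-action does not halt the callback chain, so `sign_in(user) and return` still falls through to `create`, which is presumably why the guard had to be skipped; it also returns only when `sign_in` yields a truthy value. A narrower option is to finish the response inside the two-factor branch, for example `sign_in(user)` followed by `redirect_to after_sign_in_path_for(user) and return`, and leave `require_no_authentication` in place for the remaining `create` requests. `authenticate_with_two_factor` starts and ends outside the hunks shown, so this needs checking against the full method.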
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,11 @@ feature 'Login' do
|
||||||
click_button 'Verify code'
|
click_button 'Verify code'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'does not show a "You are already signed in." error message' do
|
||||||
|
enter_code(user.current_otp)
|
||||||
|
expect(page).not_to have_content('You are already signed in.')
|
||||||
|
end
|
||||||
|
|
||||||
context 'using one-time code' do
|
context 'using one-time code' do
|
||||||
it 'allows login with valid code' do
|
it 'allows login with valid code' do
|
||||||
enter_code(user.current_otp)
|
enter_code(user.current_otp)
|
||||||
|
|
@ -66,7 +71,7 @@ feature 'Login' do
|
||||||
expect(user.reload.otp_backup_codes.size).to eq 9
|
expect(user.reload.otp_backup_codes.size).to eq 9
|
||||||
|
|
||||||
enter_code(code)
|
enter_code(code)
|
||||||
expect(page).to have_content('Invalid two-factor code')
|
expect(page).to have_content('Invalid two-factor code.')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -80,5 +85,17 @@ feature 'Login' do
|
||||||
login_with(user)
|
login_with(user)
|
||||||
expect(current_path).to eq root_path
|
expect(current_path).to eq root_path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'does not show a "You are already signed in." error message' do
|
||||||
|
login_with(user)
|
||||||
|
expect(page).not_to have_content('You are already signed in.')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'blocks invalid login' do
|
||||||
|
user = create(:user, password: 'not-the-default')
|
||||||
|
|
||||||
|
login_with(user)
|
||||||
|
expect(page).to have_content('Invalid email or password.')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
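Review bot: Both new `does not show a "You are already signed in." error message` examples assert only that a string is absent, so they also pass when the login fails and a different page is rendered. Pair the negative check with a positive one in the same example, e.g. `expect(current_path).to eq root_path` ahead of `expect(page).not_to have_content('You are already signed in.')`. The added `blocks invalid login` example checks only the flash text and could also assert that the browser did not land on `root_path`. No added example covers a session that is already signed in submitting the sign-in form again, which is the request path affected by skipping `require_no_authentication` on `create`.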
|
||||||
|
|
|
||||||