Commit 959e4fab authored by Gosia Ksionek's avatar Gosia Ksionek Committed by Imre Farkas

Resolve User stuck in 2FA setup page even if group disable 2FA enforce

parent 1383abb6
...@@ -587,7 +587,7 @@ class Group < Namespace ...@@ -587,7 +587,7 @@ class Group < Namespace
def update_two_factor_requirement def update_two_factor_requirement
return unless saved_change_to_require_two_factor_authentication? || saved_change_to_two_factor_grace_period? return unless saved_change_to_require_two_factor_authentication? || saved_change_to_two_factor_grace_period?
members_with_descendants.find_each(&:update_two_factor_requirement) direct_and_indirect_members.find_each(&:update_two_factor_requirement)
end end
def path_changed_hook def path_changed_hook
......
---
title: Resolve User stuck in 2FA setup page even if group disable 2FA enforce
merge_request: 46432
author:
type: fixed
...@@ -967,6 +967,8 @@ RSpec.describe Group do ...@@ -967,6 +967,8 @@ RSpec.describe Group do
context 'expanded group members' do context 'expanded group members' do
let(:indirect_user) { create(:user) } let(:indirect_user) { create(:user) }
context 'two_factor_requirement is enabled' do
context 'two_factor_requirement is also enabled for ancestor group' do
it 'enables two_factor_requirement for subgroup member' do it 'enables two_factor_requirement for subgroup member' do
subgroup = create(:group, :nested, parent: group) subgroup = create(:group, :nested, parent: group)
subgroup.add_user(indirect_user, GroupMember::OWNER) subgroup.add_user(indirect_user, GroupMember::OWNER)
...@@ -975,16 +977,63 @@ RSpec.describe Group do ...@@ -975,16 +977,63 @@ RSpec.describe Group do
expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
end end
end
context 'two_factor_requirement is disabled for ancestor group' do
it 'enables two_factor_requirement for subgroup member' do
subgroup = create(:group, :nested, parent: group, require_two_factor_authentication: true)
subgroup.add_user(indirect_user, GroupMember::OWNER)
group.update!(require_two_factor_authentication: false)
it 'does not enable two_factor_requirement for ancestor group member' do expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
end
it 'enable two_factor_requirement for ancestor group member' do
ancestor_group = create(:group) ancestor_group = create(:group)
ancestor_group.add_user(indirect_user, GroupMember::OWNER) ancestor_group.add_user(indirect_user, GroupMember::OWNER)
group.update!(parent: ancestor_group) group.update!(parent: ancestor_group)
group.update!(require_two_factor_authentication: true) group.update!(require_two_factor_authentication: true)
expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
end
end
end
context 'two_factor_requirement is disabled' do
context 'two_factor_requirement is enabled for ancestor group' do
it 'enables two_factor_requirement for subgroup member' do
subgroup = create(:group, :nested, parent: group)
subgroup.add_user(indirect_user, GroupMember::OWNER)
group.update!(require_two_factor_authentication: true)
expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
end
end
context 'two_factor_requirement is also disabled for ancestor group' do
it 'disables two_factor_requirement for subgroup member' do
subgroup = create(:group, :nested, parent: group)
subgroup.add_user(indirect_user, GroupMember::OWNER)
group.update!(require_two_factor_authentication: false)
expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_falsey expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_falsey
end end
it 'disables two_factor_requirement for ancestor group member' do
ancestor_group = create(:group, require_two_factor_authentication: false)
indirect_user.update!(require_two_factor_authentication_from_group: true)
ancestor_group.add_user(indirect_user, GroupMember::OWNER)
group.update!(require_two_factor_authentication: false)
expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_falsey
end
end
end
end end
context 'project members' do context 'project members' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment