#61441 Allow user to set email ID before setting up 2FA

fa3aa0c5 · Kartikey Tanna · James Lopez · 6d495d65 · fa3aa0c5 · fa3aa0c5
Commit fa3aa0c5 authored May 22, 2019 by Kartikey Tanna Committed by James Lopez May 22, 2019
3 changed files
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -16,7 +16,7 @@ module EnforcesTwoFactorAuthentication
  end
  def check_two_factor_requirement
-    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor?
+    if two_factor_authentication_required? && current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? && !skip_two_factor?
      redirect_to profile_two_factor_auth_path
    end
  end

--- a/changelogs/unreleased/61441.yml
+++ b/changelogs/unreleased/61441.yml
+---
+title: Allow user to set primary email first when 2FA is required
+merge_request: 28097
+author: Kartikey Tanna
+type: fixed
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -206,8 +206,19 @@ describe ApplicationController do
    describe '#check_two_factor_requirement' do
      subject { controller.send :check_two_factor_requirement }
+      it 'does not redirect if user has temporary oauth email' do
+        oauth_user = create(:user, email: 'temp-email-for-oauth@email.com')
+        allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
+        allow(controller).to receive(:current_user).and_return(oauth_user)
+        expect(controller).not_to receive(:redirect_to)
+        subject
+      end
      it 'does not redirect if 2FA is not required' do
        allow(controller).to receive(:two_factor_authentication_required?).and_return(false)
        expect(controller).not_to receive(:redirect_to)
        subject
@@ -216,6 +227,7 @@ describe ApplicationController do
      it 'does not redirect if user is not logged in' do
        allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
        allow(controller).to receive(:current_user).and_return(nil)
        expect(controller).not_to receive(:redirect_to)
        subject
@@ -223,8 +235,9 @@ describe ApplicationController do
      it 'does not redirect if user has 2FA enabled' do
        allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
-        allow(controller).to receive(:current_user).twice.and_return(user)
+        allow(controller).to receive(:current_user).thrice.and_return(user)
        allow(user).to receive(:two_factor_enabled?).and_return(true)
        expect(controller).not_to receive(:redirect_to)
        subject
@@ -232,9 +245,10 @@ describe ApplicationController do
      it 'does not redirect if 2FA setup can be skipped' do
        allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
-        allow(controller).to receive(:current_user).twice.and_return(user)
+        allow(controller).to receive(:current_user).thrice.and_return(user)
        allow(user).to receive(:two_factor_enabled?).and_return(false)
        allow(controller).to receive(:skip_two_factor?).and_return(true)
        expect(controller).not_to receive(:redirect_to)
        subject
@@ -242,10 +256,11 @@ describe ApplicationController do
      it 'redirects to 2FA setup otherwise' do
        allow(controller).to receive(:two_factor_authentication_required?).and_return(true)
-        allow(controller).to receive(:current_user).twice.and_return(user)
+        allow(controller).to receive(:current_user).thrice.and_return(user)
        allow(user).to receive(:two_factor_enabled?).and_return(false)
        allow(controller).to receive(:skip_two_factor?).and_return(false)
        allow(controller).to receive(:profile_two_factor_auth_path)
        expect(controller).to receive(:redirect_to)
        subject