author | Matthew Somerville <matthew@mysociety.org> | 2019-10-23 18:20:28 +0100 |
---|---|---|
committer | Matthew Somerville <matthew@mysociety.org> | 2019-10-28 17:11:00 +0000 |
commit | d551a1f6a7be39646e718683b14a572402e23981 (patch) | |
tree | 7c6129a7fe2adbf4123f58f6765bdccc3178892d /t/app/controller | |
parent | dce115c18fcc3565176b0d65fe7a70926a8eb213 (diff) |
Allow non-superusers to store 2FA secrets.
Diffstat (limited to 't/app/controller')
-rw-r--r-- | t/app/controller/auth.t | 1 | ||||
-rw-r--r-- | t/app/controller/auth_profile.t | 12 |
2 files changed, 9 insertions, 4 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index ffabc75f3..fc1966b17 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -290,7 +290,6 @@ subtest "Test two-factor authentication login" => sub { my $wrong_code = $auth->code(undef, time() - 120); my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); - $user->is_superuser(1); $user->password('password'); $user->set_extra_metadata('2fa_secret', $auth->secret32); $user->update; diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t index 815098caa..6cab1fb6c 100644 --- a/t/app/controller/auth_profile.t +++ b/t/app/controller/auth_profile.t @@ -359,6 +359,8 @@ subtest "Test superuser can access generate token page" => sub { $mech->get_ok('/auth/generate_token'); }; +my $body = $mech->create_body_ok(2237, 'Oxfordshire'); + subtest "Test staff user can access generate token page" => sub { my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); ok $user->update({ is_superuser => 0 }), 'user not superuser'; @@ -374,8 +376,6 @@ subtest "Test staff user can access generate token page" => sub { $mech->content_lacks('Security'); - my $body = $mech->create_body_ok(2237, 'Oxfordshire'); - $mech->get('/auth/generate_token'); is $mech->res->code, 403, "access denied"; @@ -428,8 +428,13 @@ subtest "Test generate token page" => sub { }; subtest "Test two-factor authentication admin" => sub { + for (0, 1) { my $user = $mech->log_in_ok($test_email); - ok $user->update({ is_superuser => 1 }), 'user set to superuser'; + if ($_) { + ok $user->update({ is_superuser => 1, from_body => undef }), 'user set to superuser'; + } else { + ok $user->update({ is_superuser => 0, from_body => $body }), 'user set to staff user'; + } $mech->get_ok('/auth/generate_token'); ok !$user->get_extra_metadata('2fa_secret'); 
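Review bot: The new `for (0, 1) {` loop in "Test two-factor authentication admin" keeps the role flag in the implicit `$_` and only reads it after the call to `log_in_ok`, which is fragile and hard to follow over a body this long. A named loop variable states the intent: `for my $superuser (0, 1) {` with `if ($superuser) {`. Both passes also reuse the same descriptions for the later assertions, so a failure does not say whether the staff or the superuser path broke; putting the role in the descriptions or wrapping each pass in its own `subtest` would fix that. The loop body continues past the end of this hunk.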
@@ -448,4 +453,5 @@ subtest "Test two-factor authentication admin" => sub { $mech->submit_form_ok({ button => 'toggle_2fa' }, "submit 2FA deactivation"); $mech->content_contains('has been deactivated', "2FA deactivated"); + } }; |
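Review bot: After "submit 2FA deactivation" the test asserts only the page text ('has been deactivated') before the new closing brace, so nothing here confirms that the stored `2fa_secret` is actually removed. For the staff pass that is caught only indirectly, by the undescribed `ok !$user->get_extra_metadata('2fa_secret');` at the top of the next pass, and for the final superuser pass not at all. Since this commit widens who may store a secret, an explicit check before the `}` would pin that down, for example `$user->discard_changes; ok !$user->get_extra_metadata('2fa_secret'), '2FA secret removed';`. This assumes `$user` is an ordinary DBIx::Class row that needs reloading after the form submit.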