Follow up - 4c98b08 - Maintenance: Improve Two-Factor disabled method…

…s handling.
zammad · May 6, 2024 · f829e8a · f829e8a
1 parent bde57cb
commit f829e8a
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 28 deletions.
diff --git a/app/assets/javascripts/app/controllers/_profile/password.coffee b/app/assets/javascripts/app/controllers/_profile/password.coffee
@@ -252,7 +252,7 @@ App.Config.set('Password', {
     canChangePassword = App.Config.get('user_show_password_login') ||
       controller.permissionCheck('admin.*')
 
-    twoFactorEnabled  = App.Config.get('two_factor_authentication_method_authenticator_app') &&
+    twoFactorEnabled  = App.TwoFactorMethods.isAnyAuthenticationMethodEnabled() &&
       controller.permissionCheck('user_preferences.two_factor_authentication')
 
     return false if !canChangePassword && !twoFactorEnabled

diff --git a/app/assets/javascripts/app/lib/app_post/two_factor_methods.coffee b/app/assets/javascripts/app/lib/app_post/two_factor_methods.coffee
@@ -1,10 +1,12 @@
 class App.TwoFactorMethods
   @sortedMethods: ->
-    all_methods = App.Config.get('TwoFactorMethods')
-
-    _.sortBy all_methods, (elem) -> elem.order
+    _.sortBy App.Config.get('TwoFactorMethods'), (elem) -> elem.order
 
   @methodByKey: (key) ->
     _.findWhere App.Config.get('TwoFactorMethods'), { key: key }
 
+  @authenticationMethods: ->
+    _.where @sortedMethods(), { authenticationMethod: true }
 
+  @isAnyAuthenticationMethodEnabled: ->
+    _.some @authenticationMethods(), (elem) -> App.Config.get(elem.settingKey)
diff --git a/app/assets/javascripts/app/lib/app_post/two_factor_methods/authenticator_app.coffee b/app/assets/javascripts/app/lib/app_post/two_factor_methods/authenticator_app.coffee
@@ -1,10 +1,12 @@
 App.Config.set('AuthenticatorApp', {
-  key:         'authenticator_app'
-  identifier:  'AuthenticatorApp'
-  editable:    true
-  label:       __('Authenticator App')
-  description: __('Get the security code from the authenticator app on your device.')
-  helpMessage: __('Enter the code from your two-factor authenticator app.')
-  icon:        'mobile-code'
-  order:       2000
+  key:                  'authenticator_app'
+  identifier:           'AuthenticatorApp'
+  editable:             true
+  label:                __('Authenticator App')
+  description:          __('Get the security code from the authenticator app on your device.')
+  helpMessage:          __('Enter the code from your two-factor authenticator app.')
+  icon:                 'mobile-code'
+  order:                2000
+  authenticationMethod: true
+  settingKey:           'two_factor_authentication_method_authenticator_app'
 }, 'TwoFactorMethods')
diff --git a/app/assets/javascripts/app/lib/app_post/two_factor_methods/recovery_codes.coffee b/app/assets/javascripts/app/lib/app_post/two_factor_methods/recovery_codes.coffee
@@ -1,9 +1,11 @@
 App.Config.set('RecoveryCodes', {
-  key:         'recovery_codes'
-  identifier:  'RecoveryCodes'
-  label:       __('Recovery Codes')
-  description: __('Use one of your safely stored recovery codes.')
-  helpMessage: __('Enter one of your unused recovery codes.')
-  icon:        'mobile-code'
-  order:       2000
+  key:                  'recovery_codes'
+  identifier:           'RecoveryCodes'
+  label:                __('Recovery Codes')
+  description:          __('Use one of your safely stored recovery codes.')
+  helpMessage:          __('Enter one of your unused recovery codes.')
+  icon:                 'mobile-code'
+  order:                2000
+  authenticationMethod: false
+  settingKey:           'two_factor_authentication_recovery_codes'
 }, 'TwoFactorMethods')
diff --git a/app/assets/javascripts/app/lib/app_post/two_factor_methods/security_keys.coffee b/app/assets/javascripts/app/lib/app_post/two_factor_methods/security_keys.coffee
@@ -1,10 +1,12 @@
 App.Config.set('SecurityKeys', {
-  key:         'security_keys'
-  identifier:  'SecurityKeys'
-  editable:    true
-  label:       __('Security Keys')
-  description: __('Complete the sign-in with your security key.')
-  helpMessage: __('Complete the sign-in with your security key.')
-  icon:        'security-key'
-  order:       1000
+  key:                  'security_keys'
+  identifier:           'SecurityKeys'
+  editable:             true
+  label:                __('Security Keys')
+  description:          __('Complete the sign-in with your security key.')
+  helpMessage:          __('Complete the sign-in with your security key.')
+  icon:                 'security-key'
+  order:                1000
+  authenticationMethod: true
+  settingKey:           'two_factor_authentication_method_security_keys'
 }, 'TwoFactorMethods')
diff --git a/spec/system/profile/password_spec.rb b/spec/system/profile/password_spec.rb
@@ -35,6 +35,16 @@
         .and have_text('Two-factor Authentication')
     end
 
+    it 'shows two factor if another two factor method enabled' do
+      password_and_authenticate(password: false, two_factor: false, alternative_two_factor: true)
+
+      visit 'profile/password'
+
+      expect(page)
+        .to have_no_text('Change Your Password')
+        .and have_text('Two-factor Authentication')
+    end
+
     context 'when user has no two factor permission' do
       before do
         user.roles.each { |role| role.permission_revoke('user_preferences.two_factor_authentication') }
@@ -58,8 +68,9 @@
       end
     end
 
-    def password_and_authenticate(password:, two_factor:)
+    def password_and_authenticate(password:, two_factor:, alternative_two_factor: false)
       Setting.set('two_factor_authentication_method_authenticator_app', two_factor)
+      Setting.set('two_factor_authentication_method_security_keys', alternative_two_factor)
       Setting.set('two_factor_authentication_enforce_role_ids', [])
       Setting.set('user_show_password_login', password)
     end