Add ability to skip sign-in token authentication for specific users (#16427)

Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00 · 2021-07-08 05:31:28 +02:00 · 771c9d4ba8
commit 771c9d4ba8
parent 2e0eac71dd
14 changed files with 160 additions and 32 deletions
--- a/spec/controllers/admin/resets_controller_spec.rb
+++ b/spec/controllers/admin/resets_controller_spec.rb
@ -16,7 +16,7 @@ describe Admin::ResetsController do

      post :create, params: { account_id: account.id }

-      expect(response).to redirect_to(admin_accounts_path)
+      expect(response).to redirect_to(admin_account_path(account.id))
    end
  end
 end
--- a/spec/controllers/admin/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/admin/two_factor_authentications_controller_spec.rb
@ -15,12 +15,12 @@ describe Admin::TwoFactorAuthenticationsController do
        user.update(otp_required_for_login: true)
      end

-      it 'redirects to admin accounts page' do
+      it 'redirects to admin account page' do
        delete :destroy, params: { user_id: user.id }

        user.reload
        expect(user.otp_enabled?).to eq false
-        expect(response).to redirect_to(admin_accounts_path)
+        expect(response).to redirect_to(admin_account_path(user.account_id))
      end
    end

@ -38,13 +38,13 @@ describe Admin::TwoFactorAuthenticationsController do
                  nickname: 'Security Key')
      end

-      it 'redirects to admin accounts page' do
+      it 'redirects to admin account page' do
        delete :destroy, params: { user_id: user.id }

        user.reload
        expect(user.otp_enabled?).to eq false
        expect(user.webauthn_enabled?).to eq false
-        expect(response).to redirect_to(admin_accounts_path)
+        expect(response).to redirect_to(admin_account_path(user.account_id))
      end
    end
  end