diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-26 15:07:48 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-26 15:07:48 +0300 |
commit | ef31adeb0fb9a02b2c6a4529ec4e38d7082a4b2b (patch) | |
tree | f0ee2b8bdffd7f91ad0b31388562c90825179585 /spec/controllers/admin | |
parent | 7e019504f5ac6decde690565857238e7e59aa034 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers/admin')
-rw-r--r-- | spec/controllers/admin/sessions_controller_spec.rb | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/spec/controllers/admin/sessions_controller_spec.rb b/spec/controllers/admin/sessions_controller_spec.rb index fabd79133ec..351148dbc65 100644 --- a/spec/controllers/admin/sessions_controller_spec.rb +++ b/spec/controllers/admin/sessions_controller_spec.rb @@ -176,6 +176,48 @@ describe Admin::SessionsController, :do_not_mock_admin_mode do expect(controller.current_user_mode.admin_mode?).to be(true) end end + + context 'on a read-only instance' do + before do + allow(Gitlab::Database).to receive(:read_only?).and_return(true) + end + + it 'does not attempt to write to the database with valid otp' do + expect_any_instance_of(User).not_to receive(:save) + expect_any_instance_of(User).not_to receive(:save!) + + controller.store_location_for(:redirect, admin_root_path) + controller.current_user_mode.request_admin_mode! + + authenticate_2fa(otp_attempt: user.current_otp) + + expect(response).to redirect_to admin_root_path + end + + it 'does not attempt to write to the database with invalid otp' do + expect_any_instance_of(User).not_to receive(:save) + expect_any_instance_of(User).not_to receive(:save!) + + controller.current_user_mode.request_admin_mode! + + authenticate_2fa(otp_attempt: 'invalid') + + expect(response).to render_template('admin/sessions/two_factor') + expect(controller.current_user_mode.admin_mode?).to be(false) + end + + it 'does not attempt to write to the database with backup code' do + expect_any_instance_of(User).not_to receive(:save) + expect_any_instance_of(User).not_to receive(:save!) + + controller.current_user_mode.request_admin_mode! + + authenticate_2fa(otp_attempt: user.otp_backup_codes.first) + + expect(response).to render_template('admin/sessions/two_factor') + expect(controller.current_user_mode.admin_mode?).to be(false) + end + end end context 'when using two-factor authentication via U2F' do |