Add latest changes from gitlab-org/gitlab@16-3-stable-eev16.3.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-08-18 13:50:51 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-08-18 13:50:51 +0300
commit: db384e6b19af03b4c3c82a5760d83a3fd79f7982 (patch)
tree: 34beaef37df5f47ccbcf5729d7583aae093cffa0 /spec/controllers/sessions_controller_spec.rb
parent: 54fd7b1bad233e3944434da91d257fa7f63c3996 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index a09b3318c25..ce9703753cf 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -538,6 +538,26 @@ RSpec.describe SessionsController, feature_category: :system_access do
         expect(AuthenticationEvent.last.provider).to eq("two-factor-via-webauthn-device")
       end
     end
+
+    context 'when the user is locked and submits a valid verification token' do
+      let(:user) { create(:user) }
+      let(:user_params) { { verification_token: 'token' } }
+      let(:session_params) { { verification_user_id: user.id } }
+      let(:post_action) { post(:create, params: { user: user_params }, session: session_params) }
+
+      before do
+        encrypted_token = Devise.token_generator.digest(User, user.email, 'token')
+        user.update!(locked_at: Time.current, unlock_token: encrypted_token)
+      end
+
+      it_behaves_like 'known sign in'
+
+      it 'successfully logs in a user' do
+        post_action
+
+        expect(subject.current_user).to eq user
+      end
+    end
   end
 
   context 'when login fails' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-08-18 13:50:51 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-08-18 13:50:51 +0300
commit	db384e6b19af03b4c3c82a5760d83a3fd79f7982 (patch)
tree	34beaef37df5f47ccbcf5729d7583aae093cffa0 /spec/controllers/sessions_controller_spec.rb
parent	54fd7b1bad233e3944434da91d257fa7f63c3996 (diff)