Redirect away from two factor entry page if no target user is set in session

This commit is contained in:
Dominik Kwiatek 2020-10-19 12:20:44 +02:00
parent 5447e905c0
commit 00da21a13d
2 changed files with 19 additions and 0 deletions

View file

@ -27,6 +27,11 @@ class User::SessionsController < Devise::SessionsController
end
def two_factor_entry
unless session.has_key? :user_sign_in_uid
redirect_to root_url
return
end
self.resource = User.find(session[:user_sign_in_uid])
render 'auth/two_factor_authentication'
end

View file

@ -0,0 +1,14 @@
require 'rails_helper'
describe User::SessionsController do
before do
@request.env["devise.mapping"] = Devise.mappings[:user]
end
describe "#two_factor_entry" do
subject { get :two_factor_entry }
it "redirects back to the home page if no sign in target is set" do
expect(subject).to redirect_to :root
end
end
end