From 2e549fa2d5963c617a0670245b769e5d276d17e8 Mon Sep 17 00:00:00 2001 From: Mashiro Date: Thu, 30 Sep 2021 11:19:08 +0800 Subject: Fix drawer tab menu routes in advanced web ui (#16793) --- app/javascript/mastodon/features/compose/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app') diff --git a/app/javascript/mastodon/features/compose/index.js b/app/javascript/mastodon/features/compose/index.js index 3d2796cd3..663dd324f 100644 --- a/app/javascript/mastodon/features/compose/index.js +++ b/app/javascript/mastodon/features/compose/index.js @@ -106,10 +106,10 @@ class Compose extends React.PureComponent { )} {!columns.some(column => column.get('id') === 'COMMUNITY') && ( - + )} {!columns.some(column => column.get('id') === 'PUBLIC') && ( - + )} -- cgit From 24f9ea781850ee8d105aa3e396eaef8499bc5efc Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 30 Sep 2021 05:26:29 +0200 Subject: Fix webauthn secure key authentication (#16792) * Add tests * Fix webauthn secure key authentication Fixes #16769 --- app/controllers/auth/sessions_controller.rb | 2 +- spec/controllers/auth/sessions_controller_spec.rb | 29 +++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 2c3d510cb..d48abb707 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -42,7 +42,7 @@ class Auth::SessionsController < Devise::SessionsController end def webauthn_options - user = find_user + user = User.find_by(id: session[:attempt_user_id]) if user&.webauthn_enabled? options_for_get = WebAuthn::Credential.options_for_get( diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index 051a0807d..f718f5dd9 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -519,4 +519,33 @@ RSpec.describe Auth::SessionsController, type: :controller do end end end + + describe 'GET #webauthn_options' do + context 'with WebAuthn and OTP enabled as second factor' do + let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" } + + let(:fake_client) { WebAuthn::FakeClient.new(domain) } + + let!(:user) do + Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32)) + end + + before do + user.update(webauthn_id: WebAuthn.generate_user_id) + public_key_credential = WebAuthn::Credential.from_create(fake_client.create) + user.webauthn_credentials.create( + nickname: 'SecurityKeyNickname', + external_id: public_key_credential.id, + public_key: public_key_credential.public_key, + sign_count: '1000' + ) + post :create, params: { user: { email: user.email, password: user.password } } + end + + it 'returns http success' do + get :webauthn_options + expect(response).to have_http_status :ok + end + end + end end -- cgit