diff --git a/config/discourse_defaults.conf b/config/discourse_defaults.conf
index 9d44aa39f9..aee0f88ab2 100644
--- a/config/discourse_defaults.conf
+++ b/config/discourse_defaults.conf
@@ -236,7 +236,7 @@ max_logster_logs = 1000
 # during precompile update maxmind database if older than N days
 # set to 0 to disable
-refresh_maxmind_db_during_precompile_days = 30
+refresh_maxmind_db_during_precompile_days = 2
 # backup path containing maxmind db files
 maxmind_backup_path =
diff --git a/spec/requests/session_controller_spec.rb b/spec/requests/session_controller_spec.rb
index 6c015d7874..e7e54946f1 100644
--- a/spec/requests/session_controller_spec.rb
+++ b/spec/requests/session_controller_spec.rb
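Review bot: The new default `refresh_maxmind_db_during_precompile_days = 2` is not explained by the two comment lines above it, which still describe only the mechanism. With a 2-day threshold most precompile runs will presumably try to fetch a fresh MaxMind database, so builds depend on an external download far more often than with 30. Whether that download is integrity-checked, or falls back to `maxmind_backup_path` on failure, is not visible in this hunk. I would extend the comment, e.g. `# low values make nearly every precompile download the database; set to 0 for offline or reproducible builds`.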
@@ -459,80 +459,6 @@ RSpec.describe SessionController do
 ))
 end
 end
-
- context "user has only security key enabled" do
- let!(:user_security_key) do
- Fabricate(
- :user_security_key,
- user: user,
- credential_id: valid_security_key_data[:credential_id],
- public_key: valid_security_key_data[:public_key]
- )
- end
-
- before do
- simulate_localhost_webauthn_challenge
-
- # store challenge in secure session by visiting the email login page
- get "/session/email-login/#{email_token.token}.json"
- end
-
- context "when the security key params are blank and a random second factor token is provided" do
- it "shows an error message and denies login" do
-
- post "/session/email-login/#{email_token.token}.json", params: {
- second_factor_token: "XXXXXXX",
- second_factor_method: UserSecondFactor.methods[:totp]
- }
-
- expect(response.status).to eq(200)
- expect(session[:current_user_id]).to eq(nil)
- response_body = JSON.parse(response.body)
- expect(response_body['error']).to eq(I18n.t(
- 'login.invalid_second_factor_code'
- ))
- end
- end
- context "when the security key params are invalid" do
- it" shows an error message and denies login" do
-
- post "/session/email-login/#{email_token.token}.json", params: {
- security_key_credential: {
- signature: 'bad_sig',
- clientData: 'bad_clientData',
- credentialId: 'bad_credential_id',
- authenticatorData: 'bad_authenticator_data'
- },
- second_factor_method: UserSecondFactor.methods[:security_key]
- }
-
- expect(response.status).to eq(200)
- expect(session[:current_user_id]).to eq(nil)
- response_body = JSON.parse(response.body)
- expect(response_body["failed"]).to eq("FAILED")
- expect(response_body['error']).to eq(I18n.t(
- 'webauthn.validation.not_found_error'
- ))
- end
- end
- context "when the security key params are valid" do
- it "logs the user in" do
-
- post "/session/email-login/#{email_token.token}.json", params: {
- login: user.username,
- password: 'myawesomepassword',
- security_key_credential: valid_security_key_auth_post_data,
- second_factor_method: UserSecondFactor.methods[:security_key]
- }
-
- expect(response.status).to eq(200)
- user.reload
-
- expect(session[:current_user_id]).to eq(user.id)
- expect(user.user_auth_tokens.count).to eq(1)
- end
- end
- end
 end
 end
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index f9429fed04..e061734c75 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -462,26 +462,6 @@ describe UsersController do
 expect(response.body).to include(I18n.t("webauthn.validation.not_found_error"))
 end
 end
-
- context "when security key authentication fails" do
- it 'shows an error message and does not change password' do
- put "/u/password-reset/#{token}", params: {
- password: 'hg9ow8yHG32O',
- security_key_credential: {
- signature: 'bad',
- clientData: 'bad',
- authenticatorData: 'bad',
- credentialId: 'bad'
- },
- second_factor_method: UserSecondFactor.methods[:security_key]
- }
-
- user.reload
- expect(user.confirm_password?('hg9ow8yHG32O')).to eq(false)
- expect(response.status).to eq(200)
- expect(JSON.parse(response.body)['errors']).to include(I18n.t("webauthn.validation.not_found_error"))
- end
- end
 end
 end