Fixes zammad#5283 - Admin password authentication is not possible whe…

…n 2FA is enabled.
cloucs · Jul 30, 2024 · 73a3042 · 73a3042
1 parent 5f642fa
commit 73a3042
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/app/assets/javascripts/app/controllers/login.coffee b/app/assets/javascripts/app/controllers/login.coffee
@@ -42,7 +42,7 @@ class Login extends App.ControllerFullPage
         data:        JSON.stringify(params)
         processData: true
         success:     (verify_data, status, xhr) =>
-          data.showAdminPasswordLogin = true
+          @showAdminPasswordLogin = true
           data.username = verify_data.user_login
 
           @render(data)
@@ -83,6 +83,9 @@ class Login extends App.ControllerFullPage
       App.PublicLink.unsubscribe(@publicLinksSubscribeId)
 
   render: (data = {}) ->
+    if @showAdminPasswordLogin
+      data.showAdminPasswordLogin = true
+
     auth_provider_all = App.Config.get('auth_provider_all')
     auth_providers = []
     for key, provider of auth_provider_all

diff --git a/spec/system/admin_password_auth_spec.rb b/spec/system/admin_password_auth_spec.rb
@@ -52,6 +52,38 @@ def request_admin_password_auth
 
         expect(page).to have_css '#username'
       end
+
+      context 'with enabled two factor authentication' do
+        let(:password)         { 'some_test_password' }
+        let(:user)             { create(:admin, password: password) }
+        let(:token)            { two_factor_pref.configuration[:code] }
+        let!(:two_factor_pref) { create(:user_two_factor_preference, :authenticator_app, user: user) }
+
+        before do
+          Setting.set('two_factor_authentication_method_authenticator_app', true)
+        end
+
+        it 'logs in the admin user (#5283)' do
+          expect(page).to have_text 'Admin password login instructions were sent'
+          expect(generated_tokens.count).to eq 1
+          expect(generated_tokens.first.persistent).to be false
+
+          visit "/#login/admin/#{generated_tokens.first.token}"
+
+          within('#login') do
+            fill_in 'username', with: username
+            fill_in 'password', with: password
+
+            click_on('Sign in')
+
+            fill_in 'security_code', with: token
+
+            click_on('Sign in')
+          end
+
+          expect(page).to have_no_selector('#login')
+        end
+      end
     end
   end