mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 05:36:00 +00:00
Verified mfa session expires on logout
Since sessions are invalidated upon logout.
This commit is contained in:
parent
39a205ed28
commit
ef9354a0cb
@ -38,14 +38,6 @@ class LoginService
|
||||
$this->setLastLoginAttemptedForUser($user, $method);
|
||||
throw new StoppedAuthenticationException($user, $this);
|
||||
// TODO - Does 'remember' still work? Probably not right now.
|
||||
|
||||
// TODO - Need to clear MFA sessions out upon logout
|
||||
|
||||
// Old MFA middleware todos:
|
||||
|
||||
// TODO - Handle email confirmation handling
|
||||
// Left BookStack\Http\Middleware\Authenticate@emailConfirmationErrorResponse in which needs
|
||||
// be removed as an example of old behaviour.
|
||||
}
|
||||
|
||||
$this->clearLastLoginAttempted();
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
namespace Tests\Auth;
|
||||
|
||||
use BookStack\Auth\Access\Mfa\MfaSession;
|
||||
use BookStack\Auth\Role;
|
||||
use BookStack\Auth\User;
|
||||
use BookStack\Entities\Models\Page;
|
||||
@ -326,6 +327,18 @@ class AuthTest extends BrowserKitTest
|
||||
->seePageIs('/login');
|
||||
}
|
||||
|
||||
public function test_mfa_session_cleared_on_logout()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
$mfaSession = $this->app->make(MfaSession::class);
|
||||
|
||||
$mfaSession->markVerifiedForUser($user);;
|
||||
$this->assertTrue($mfaSession->isVerifiedForUser($user));
|
||||
|
||||
$this->asAdmin()->visit('/logout');
|
||||
$this->assertFalse($mfaSession->isVerifiedForUser($user));
|
||||
}
|
||||
|
||||
public function test_reset_password_flow()
|
||||
{
|
||||
Notification::fake();
|
||||
|
Loading…
Reference in New Issue
Block a user