Skip to content

LG-6274: Allow users to select phone as their sole second option #6356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jmdembe merged 9 commits into from
May 20, 2022
Merged

LG-6274: Allow users to select phone as their sole second option #6356

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3cb3d76
write tests that mock two form submissions
jmdembe May 13, 2022
66413cc
change validation rule
jmdembe May 16, 2022
4bb47d9
refactor logic
jmdembe May 16, 2022
303aed3
write test for phone only selection on 1st screen
jmdembe May 18, 2022
da73ab0
refactor with phone only mfa method
jmdembe May 18, 2022
8305860
first iteration of test for bug
jmdembe May 18, 2022
85a26a6
address PR comment; fix test
jmdembe May 19, 2022
65c1de0
uncomment tests
jmdembe May 19, 2022
9b3f27f
Address PR comment
jmdembe May 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 12 additions & 9 deletions app/forms/two_factor_options_form.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,7 @@ class TwoFactorOptionsForm
validates :selection, inclusion: { in: %w[phone sms voice auth_app piv_cac
webauthn webauthn_platform
backup_code] }
validates :selection, length: { minimum: 2, message: 'phone' }, if: [
:multiple_mfa_options_enabled?,
:phone_selected?,
:phone_only_mfa_method?,
]
validates :selection, length: { minimum: 2, message: 'phone' }, if: :phone_validations?

def initialize(user)
self.user = user
Expand Down Expand Up @@ -47,15 +43,22 @@ def update_otp_delivery_preference_for_user
UpdateUser.new(user: user, attributes: user_attributes).call
end

def multiple_mfa_options_enabled?
IdentityConfig.store.select_multiple_mfa_options
end

def phone_selected?
selection.include?('phone') || selection.include?('voice') || selection.include?('sms')
end

def phone_only_mfa_method?
MfaContext.new(user).enabled_mfa_methods_count == 0
end

def phone_alternative_enabled?
count = MfaContext.new(user).enabled_mfa_methods_count
count >= 2 || (count == 1 && MfaContext.new(user).phone_configurations.none?)
end

def phone_validations?
IdentityConfig.store.select_multiple_mfa_options &&
phone_selected? && phone_only_mfa_method? &&
!phone_alternative_enabled?
end
end
25 changes: 25 additions & 0 deletions spec/forms/two_factor_options_form_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,5 +62,30 @@
subject.submit(selection: 'auth_app')
end
end

context 'when phone is selected as their first authentication method' do
before do
allow(IdentityConfig.store).to receive(:select_multiple_mfa_options).and_return(true)
end

it 'does not submit the phone when selected as the first single option' do
result = subject.submit(selection: ['phone'])

expect(result.success?).to eq false
end
end

context 'when a user wants to select phone as their second authentication method' do
let(:user) { create(:user, :with_authentication_app) }
before do
allow(IdentityConfig.store).to receive(:select_multiple_mfa_options).and_return(true)
end

it 'submits the form' do
result = subject.submit(selection: ['phone'])

expect(result.success?).to eq true
end
end
end
end