fix: Allow disabling MFA with recovery codes (#12014)

Co-authored-by: Tomi Turtiainen <10324676+tomi@users.noreply.github.com>
Ricardo Espinoza
2024-12-04 10:02:06 -05:00
committed by GitHub
parent 2b6a72f128
commit 95d56fee8d
12 changed files with 98 additions and 25 deletions


@@ -184,7 +184,19 @@ describe('Disable MFA setup', () => {
expect(dbUser.mfaRecoveryCodes.length).toBe(0);
});
test('POST /disable should fail if invalid mfaCode is given', async () => {
test('POST /disable should fail if invalid MFA recovery code is given', async () => {
const { user } = await createUserWithMfaEnabled();
await testServer
.authAgentFor(user)
.post('/mfa/disable')
.send({
mfaRecoveryCode: 'invalid token',
})
.expect(403);
});
test('POST /disable should fail if invalid MFA code is given', async () => {
const { user } = await createUserWithMfaEnabled();
await testServer
@@ -195,6 +207,12 @@ describe('Disable MFA setup', () => {
})
.expect(403);
});
test('POST /disable should fail if neither MFA code nor recovery code is sent', async () => {
const { user } = await createUserWithMfaEnabled();
await testServer.authAgentFor(user).post('/mfa/disable').send({ anotherParam: '' }).expect(400);
});
});
describe('Change password with MFA enabled', () => {
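Review bot: The rejection tests in this section (invalid recovery code and invalid MFA code expecting 403, neither field expecting 400) assert only the HTTP status, so a handler that cleared the user's MFA state before returning the error would still pass. After each `.expect(...)`, re-load the user the same way the preceding test obtains `dbUser` and assert the state is untouched, for example `expect(dbUser.mfaRecoveryCodes.length).toBeGreaterThan(0);`, assuming `createUserWithMfaEnabled()` seeds recovery codes. The visible hunks also have no case for an empty-string value such as `.send({ mfaRecoveryCode: '' })`. Pinning that to 400 would guard against a presence check that relies on truthiness, though the handler is outside this section, so that part is an inference.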