From 2f71ac6f77991e8356c8b1038b38dbf2b84ac894 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Tue, 26 Jul 2022 11:43:36 +0200
Subject: [PATCH] Bug 28787: Fix misleading tests in two_factor_auth.t
We were having a "Patron is not authenticated yet" comment, but it was not correct, we set 'number' and 'id' in session, and waiting-for-2FA was not set => the patron is fully authenticated. The test returned 401 because we fully authenticated user cannot request an otp token when not waiting for the second auth step. This situation is already covered (last test of the subtest).
Test plan: prove t/db_dependent/api/v1/two_factor_auth.t must return green
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 t/db_dependent/api/v1/two_factor_auth.t | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/t/db_dependent/api/v1/two_factor_auth.t b/t/db_dependent/api/v1/two_factor_auth.t
index fc9796dba5..8278e8d5e0 100755
--- a/t/db_dependent/api/v1/two_factor_auth.t
+++ b/t/db_dependent/api/v1/two_factor_auth.t
@@ -57,8 +57,6 @@ subtest 'send_otp_token' => sub {
 );
 my $session = C4::Auth::get_session('');
- $session->param( 'number', $patron->borrowernumber );
- $session->param( 'id', $patron->userid );
 $session->param( 'ip', '127.0.0.1' );
 $session->param( 'lasttime', time() );
 $session->flush;
@@ -70,6 +68,9 @@ subtest 'send_otp_token' => sub {
 # Patron is not authenticated yet
 $t->request_ok($tx)->status_is(401);
+ # Patron is partially authenticated (credentials correct)
+ $session->param( 'number', $patron->borrowernumber );
+ $session->param( 'id', $patron->userid );
 $session->param('waiting-for-2FA', 1);
 $session->flush;
@@ -108,6 +109,7 @@ subtest 'send_otp_token' => sub {
 $t->request_ok($tx)->status_is(403);
 $patron->flags(20)->store;
+ # Patron is fully authenticated, cannot request a token again
 $session->param('waiting-for-2FA', 0);
 $session->flush;
 $tx = $t->ua->build_tx( POST => "/api/v1/auth/otp/token_delivery" );
--
2.39.5
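Review bot: The fully-authenticated case in this hunk is reached only by writing `waiting-for-2FA` as 0. Because the `number`/`id` assignments now sit next to `waiting-for-2FA = 1` in the earlier hunk, no request is made any more with a session that has `number` and `id` set and the key never written. The commit message says that state returned 401, but the test does not show whether the endpoint treats an absent key the same as an explicit 0. That is presumably the state a login without a second factor leaves behind, so it deserves one more case after this one, e.g. `$session->clear('waiting-for-2FA'); $session->flush;` followed by the same request and status assertion. The assertion for the existing case lies outside the hunk.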