
Commit eb631f6

authored
fix: Email 2FA auto opt in (RocketChat#37326)
1 parent 88aa28e commit eb631f6

3 files changed

Lines changed: 144 additions & 1 deletion


Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
---
2+
'@rocket.chat/meteor': patch
3+
---
4+
5+
Fixes an issue related to creating new users, it should not auto opt in new users for email two factor authentication if any one of `Accounts_TwoFactorAuthentication_Enabled`, `Accounts_TwoFactorAuthentication_By_Email_Enabled` and `Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In` setting is disabled.

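--- a/apps/meteor/app/authentication/server/startup/index.js
+++ b/apps/meteor/app/authentication/server/startup/index.js
@@ -307,7 +307,11 @@ Accounts.insertUserDoc = async function (options, user) {
 user.type = 'user';
 }
 
-if (settings.get('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In')) {
+if (
+settings.get('Accounts_TwoFactorAuthentication_Enabled') &&
+settings.get('Accounts_TwoFactorAuthentication_By_Email_Enabled') &&
+settings.get('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In')
+) {
 user.services = user.services || {};
 user.services.email2fa = {
 enabled: true,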
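Review bot: The three-setting predicate in the new `if` is written inline, so it can drift from whatever check decides whether email 2FA is actually enforced at login (presumably elsewhere in this file or the 2FA module), and a user could then be opted in to a method that is never challenged, or the reverse. Hoisting it into one named helper, e.g. `const shouldAutoOptInEmail2FA = () => settings.get('Accounts_TwoFactorAuthentication_Enabled') && settings.get('Accounts_TwoFactorAuthentication_By_Email_Enabled') && settings.get('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In');`, gives every call site a single definition to keep in sync. A comment above the block such as `// Only opt new accounts in when 2FA and email 2FA are globally enabled and auto opt-in is on; existing accounts are not touched here` would also record that the fix is creation-time only — accounts created while the old one-setting guard was in effect keep any `email2fa.enabled: true` they already carry, and if that matters it needs a migration the commit does not include. The enclosing `Accounts.insertUserDoc` starts and ends outside the hunk.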

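--- a/apps/meteor/tests/end-to-end/api/users.ts
+++ b/apps/meteor/tests/end-to-end/api/users.ts
@@ -693,6 +693,140 @@ describe('[Users]', () => {
 });
 });
 });
+
+describe('default email2fa auto opt in configuration', () => {
+let user: IUser;
+
+afterEach(async () => {
+await deleteUser(user);
+await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled', true);
+await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', true);
+await updateSetting('Accounts_TwoFactorAuthentication_Enabled', true);
+});
+
+const dummyUser = {
+email: 'email2fa_auto_opt_in@rocket.chat',
+name: 'email2fa_auto_opt_in',
+username: 'email2fa_auto_opt_in',
+password,
+};
+
+it('should auto opt in new users for email2fa ', async () => {
+await request
+.post(api('users.create'))
+.set(credentials)
+.send(dummyUser)
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+user = res.body.user;
+});
+
+const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+await request
+.get(api('users.info'))
+.set(newUserCredentials)
+.query({
+username: dummyUser.username,
+})
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.have.nested.property('user.services.email2fa.enabled', true);
+});
+});
+
+it('should not auto opt in new users for email2fa if email2fa is disabled', async () => {
+await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Enabled', false);
+await request
+.post(api('users.create'))
+.set(credentials)
+.send(dummyUser)
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+user = res.body.user;
+});
+
+const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+await request
+.get(api('users.info'))
+.set(newUserCredentials)
+.query({
+username: dummyUser.username,
+})
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+});
+});
+
+it('should not auto opt in new users for email2fa if two factor authentication is disabled', async () => {
+await updateSetting('Accounts_TwoFactorAuthentication_Enabled', false);
+await request
+.post(api('users.create'))
+.set(credentials)
+.send(dummyUser)
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+user = res.body.user;
+});
+
+const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+await request
+.get(api('users.info'))
+.set(newUserCredentials)
+.query({
+username: dummyUser.username,
+})
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+});
+});
+
+it('should not auto opt in new users for email2fa if email2fa is enabled but auto opt in is disabled', async () => {
+await updateSetting('Accounts_TwoFactorAuthentication_By_Email_Auto_Opt_In', false);
+
+await request
+.post(api('users.create'))
+.set(credentials)
+.send(dummyUser)
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+user = res.body.user;
+});
+
+const newUserCredentials = await login(dummyUser.username, dummyUser.password);
+
+await request
+.get(api('users.info'))
+.set(newUserCredentials)
+.query({
+username: dummyUser.username,
+})
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.not.have.nested.property('user.services.email2fa.enabled');
+});
+});
+});
 });
 
 describe('[/users.register]', () => {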
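Review bot: The `afterEach` hook forces all three settings back to `true` instead of restoring the values that were in effect before each test, so the suite silently assumes 2FA and email auto opt-in are enabled in the test environment and leaves a different state behind for later suites if they were not; a `before` that captures the current values and a restore of those captured values is safer. `deleteUser(user)` at the top of the same hook also runs when `users.create` failed and `user` was never assigned, so a failing create is masked behind a second failure; guard it with `if (user) await deleteUser(user);` (assuming `deleteUser` does not already tolerate `undefined`). The three negative cases assert only that `user.services.email2fa.enabled` is absent, which would also pass if `users.info` stopped returning `services` at all, so the single positive case is the only guard against that regression. The first `it` title carries a trailing space (`'should auto opt in new users for email2fa '`). The enclosing `describe('[Users]')` starts and ends outside the hunk.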
