From 904003e9cc1325c5bd2eeabdc3b06bc3e01f60e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20Sanz=20Garc=C3=ADa?= <esanz-garcia@gitlab.com>
Date: Thu, 31 Oct 2024 17:33:08 +0000
Subject: [PATCH] Replace non-existing path in the profile 2FA page

`new_profile_two_factor_auth_path` doesn't exist; it should be
`profile_two_factor_auth_path` instead.

Changelog: fixed
---
 .../profiles/two_factor_auths_controller.rb   |  4 +--
 .../two_factor_auths_controller_spec.rb       | 27 +++++++++++++++++++
 .../profiles/two_factor_auths_spec.rb         | 16 +++++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index cf947d53ccc3b..0f37f052183fa 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -106,10 +106,10 @@ def destroy_webauthn
 
   def skip
     if two_factor_grace_period_expired?
-      redirect_to new_profile_two_factor_auth_path, alert: _('Cannot skip two factor authentication setup')
+      redirect_to profile_two_factor_auth_url, alert: _('Cannot skip two factor authentication setup')
     else
       session[:skip_two_factor] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
-      redirect_to root_path
+      redirect_to root_url
     end
   end
 
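Review bot: In the `else` branch of `skip`, `current_user.otp_grace_period_started_at + two_factor_grace_period.hours` would raise `NoMethodError` if the timestamp is nil, and nothing in this hunk shows it is always set before the action is reachable. `two_factor_grace_period_expired?` is defined outside the hunk, so whether it already covers the nil case cannot be confirmed here. If it does not, a guard before the assignment, such as `return redirect_to(profile_two_factor_auth_url) unless current_user.otp_grace_period_started_at`, would keep a direct PATCH from ending in a 500. Separately, the commit message names `profile_two_factor_auth_path` while the code switches both redirects to `_url` helpers; a short comment on why absolute URLs are wanted here would help.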
diff --git a/spec/controllers/profiles/two_factor_auths_controller_spec.rb b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
index d380312af7325..4483c54879ec2 100644
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -489,4 +489,31 @@ def go
 
     it_behaves_like 'user must enter a valid current password'
   end
+
+  describe 'PATCH skip' do
+    let(:user) { create(:user, otp_grace_period_started_at: Time.zone.now) }
+
+    def request
+      patch :skip
+    end
+
+    before do
+      stub_application_setting(require_two_factor_authentication: true)
+      stub_application_setting(two_factor_grace_period: 24)
+    end
+
+    it 'redirects the user to the root url' do
+      request
+
+      expect(response).to redirect_to root_url
+    end
+
+    it 'redirects back to 2fa page if grace period expired' do
+      travel_to(27.hours.from_now) do
+        request
+
+        expect(response).to redirect_to profile_two_factor_auth_url
+      end
+    end
+  end
 end
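Review bot: Both new examples assert only the redirect target, so the security-relevant effect of `skip`, writing `session[:skip_two_factor]`, is left untested. In the 'redirects the user to the root url' example add `expect(session[:skip_two_factor]).to be_present`. In the expired example add `expect(session[:skip_two_factor]).to be_nil` and `expect(flash[:alert]).to be_present`, so that a regression letting an expired user set the skip flag fails the spec. As a style point, `def request` shadows the controller-spec `request` object; the hunk header shows this file already uses `def go`, which would be the consistent name.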
diff --git a/spec/features/profiles/two_factor_auths_spec.rb b/spec/features/profiles/two_factor_auths_spec.rb
index bad72416e7889..4464a70717399 100644
--- a/spec/features/profiles/two_factor_auths_spec.rb
+++ b/spec/features/profiles/two_factor_auths_spec.rb
@@ -97,6 +97,22 @@
           stub_application_setting(require_two_factor_authentication: true)
         end
 
+        context 'when a grace period is set' do
+          before do
+            stub_application_setting(two_factor_grace_period: 24.hours)
+          end
+
+          it 'allows the user to skip enabling within the grace period', :js do
+            visit root_path
+
+            expect(page).to have_current_path(profile_two_factor_auth_path, ignore_query: true)
+
+            click_link 'Configure it later'
+
+            expect(page).to have_current_path(root_path)
+          end
+        end
+
         context 'when invalid pin is provided' do
           let_it_be(:user) { create(:omniauth_user) }
 
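Review bot: `stub_application_setting(two_factor_grace_period: 24.hours)` passes a duration, whereas the controller spec in this same patch stubs the setting as the integer `24` and the controller computes `two_factor_grace_period.hours`. If the setting is a number of hours, as those two places suggest, this stub yields a far longer grace period than intended. The example still passes, but it no longer documents the real unit, and it would hide a bug in any later test that relies on expiry. Suggest `stub_application_setting(two_factor_grace_period: 24)`. The enclosing `context` blocks begin outside the hunk.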
-- 
GitLab