spring-security-samples

Multi-factor authentication: The second factor can be skipped

Open SentretC opened this issue 2 years ago • 0 comments

Simply remove the second factor part from mfaWhenWrongCodeThenRedirects and the test fails:

```java
@Test
void mfaWhenSecondFactorSkippedThenRedirects() throws Exception {
	// @formatter:off
	MvcResult result = this.mockMvc.perform(formLogin()
					.user("[email protected]")
					.password("password"))
			.andExpect(redirectedUrl("/second-factor"))
			.andReturn();

	HttpSession session = result.getRequest().getSession();

	// skip the second factor

	this.mockMvc.perform(post("/third-factor")
					.session((MockHttpSession) session)
					.param("answer", "smith")
					.with(csrf()))
			.andExpect(redirectedUrl("/login?error"));
	// @formatter:on
}
```

Test output:

```
Redirected URL expected:</login?error> but was:</>
Expected :/login?error
Actual   :/
```

SentretC, Aug 21 '23 13:08
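
An added example, not code from the issue or from spring-security-samples: a framework-free Java model of a server-side guard that records the next expected factor in the session, so a `/third-factor` submission that arrives before `/second-factor` is rejected. The `Step` enum, the `mfa.nextStep` attribute name, the `Map` standing in for `HttpSession` and the redirect from the second to the third factor are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class FactorOrderGuard {

    /** Steps in the only order the flow may be completed. */
    enum Step { PASSWORD, SECOND_FACTOR, THIRD_FACTOR }

    static final String NEXT_STEP = "mfa.nextStep"; // hypothetical session attribute name

    /** Handles one submission and returns the redirect target; the map models the session. */
    static String submit(Map<String, Object> session, Step submitted, boolean valid) {
        Step expected = (Step) session.getOrDefault(NEXT_STEP, Step.PASSWORD);
        // A wrong answer or an out-of-order step resets the whole flow.
        if (!valid || submitted != expected) {
            session.clear();
            return "/login?error";
        }
        switch (submitted) {
            case PASSWORD:
                session.put(NEXT_STEP, Step.SECOND_FACTOR);
                return "/second-factor";
            case SECOND_FACTOR:
                session.put(NEXT_STEP, Step.THIRD_FACTOR);
                return "/third-factor"; // assumed redirect, not shown in the issue
            default:
                // Only reachable once every earlier step has been verified in order.
                session.clear();
                session.put("authenticated", Boolean.TRUE);
                return "/";
        }
    }

    public static void main(String[] args) {
        // Constructed scenario mirroring the issue's test: password, then straight to the third factor.
        Map<String, Object> skipped = new HashMap<>();
        System.out.println(submit(skipped, Step.PASSWORD, true));
        System.out.println(submit(skipped, Step.THIRD_FACTOR, true));
        System.out.println("authenticated after skip: " + skipped.containsKey("authenticated"));

        // Constructed scenario: all three factors presented in order.
        Map<String, Object> full = new HashMap<>();
        submit(full, Step.PASSWORD, true);
        submit(full, Step.SECOND_FACTOR, true);
        System.out.println(submit(full, Step.THIRD_FACTOR, true));
        System.out.println("authenticated after full flow: " + full.containsKey("authenticated"));
    }
}
```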