Fix TOTP internal context after saving settings

ory · Dec 22, 2022 · c6359dc · c6359dc
1 parent 8bb3f2a
commit c6359dc
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/selfservice/flow/settings/hook.go b/selfservice/flow/settings/hook.go
@@ -242,6 +242,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request,
 	ctxUpdate.Flow.UI = newFlow.UI
 	ctxUpdate.Flow.UI.ResetMessages()
 	ctxUpdate.Flow.UI.AddMessage(node.DefaultGroup, text.NewInfoSelfServiceSettingsUpdateSuccess())
+	ctxUpdate.Flow.InternalContext = newFlow.InternalContext
 	if err := e.d.SettingsFlowPersister().UpdateSettingsFlow(r.Context(), ctxUpdate.Flow); err != nil {
 		return err
 	}

diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -6,7 +6,7 @@ import { authenticator } from "otplib"
 import { routes as react } from "../../../helpers/react"
 import { routes as express } from "../../../helpers/express"
 
-context("2FA lookup secrets", () => {
+context("2FA TOTP", () => {
   ;[
     {
       login: react.login,
@@ -243,6 +243,21 @@ context("2FA lookup secrets", () => {
           expectAal: "aal2",
           expectMethods: ["password", "totp", "totp", "totp", "totp"],
         })
+
+        // The React app keeps using the same flow. The following scenario used to be broken,
+        // because the internal context wasn't populated properly in the flow after settings were saved.
+        cy.visit(settings)
+        cy.get('*[name="totp_unlink"]').click()
+        cy.expectSettingsSaved()
+
+        cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
+          secret = $e.text().trim()
+        })
+        cy.get('input[name="totp_code"]').then(($e) => {
+          cy.wrap($e).type(authenticator.generate(secret))
+        })
+        cy.get('*[name="method"][value="totp"]').click()
+        cy.expectSettingsSaved()
       })
 
       it("should not show totp as an option if not configured", () => {
@@ -274,6 +289,27 @@ context("2FA lookup secrets", () => {
           "The provided authentication code is invalid, please try again.",
         )
       })
+
+      // The React app keeps using the same flow. The following scenario used to be broken,
+      // because the internal context wasn't populated properly in the flow after settings were saved.
+      it.only("should allow changing other settings and then setting up totp", () => {
+        cy.visit(settings)
+        cy.get('input[name="traits.website"]')
+          .clear()
+          .type("https://some-website.com")
+        cy.get('*[name="method"][value="profile"]').click()
+        cy.expectSettingsSaved()
+
+        let secret
+        cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
+          secret = $e.text().trim()
+        })
+        cy.get('input[name="totp_code"]').then(($e) => {
+          cy.wrap($e).type(authenticator.generate(secret))
+        })
+        cy.get('*[name="method"][value="totp"]').click()
+        cy.expectSettingsSaved()
+      })
     })
   })
 })