fix: new settings flow with required mfa shouldn't be added to login …

…flow return_to unless it contains a return_to parameter
ory · Jun 19, 2023 · 7ffa1e1 · 7ffa1e1
1 parent f3aaa0e
commit 7ffa1e1
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/selfservice/flow/settings/handler_test.go b/selfservice/flow/settings/handler_test.go
@@ -295,7 +295,6 @@ func TestHandler(t *testing.T) {
 				}
 				q := url.Query()
 				q.Add("aal", "aal2")
-				q.Add("return_to", conf.SelfPublicURL(ctx).String()+settings.RouteInitBrowserFlow)
 				url.RawQuery = q.Encode()
 
 				assertx.EqualAsJSON(t, session.NewErrAALNotSatisfied(url.String()), json.RawMessage(body))

diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -85,7 +85,7 @@ context("2FA TOTP", () => {
         })
         cy.get('*[name="method"][value="totp"]').click()
         cy.location("pathname").should((loc) => {
-          expect(loc).to.oneOf(["/welcome", "/", "/sessions"])
+          expect(loc).to.eq("/settings")
         })
         cy.getSession({
           expectAal: "aal2",

diff --git a/test/e2e/profiles/mfa/.kratos.yml b/test/e2e/profiles/mfa/.kratos.yml
@@ -3,7 +3,7 @@ selfservice:
     settings:
       ui_url: http://localhost:4455/settings
       privileged_session_max_age: 5m
-      required_aal: aal1
+      required_aal: highest_available
 
     logout:
       after:
@@ -47,4 +47,4 @@ identity:
 
 session:
   whoami:
-    required_aal: aal1
+    required_aal: highest_available