During System Test, Devise is allowing my test user to login without authenticating!

Hey Guys,

I’m struggling with a bug that I hope someone can help me with. If this is the wrong place to ask, let me know.

So I’ve written my own custom authenticator with Devise… essentially one the 1st loging attemp, the user must enter the username, password and mfa. On subsequent logins, the user only needs to enter their username and mfa.

This duo authentication scheme seems to work fine when I am manually excercising it. At least I haven’t seen it fail in the 4 weeks since I’ve been running it.

When I run it via rails (6.1.4.6) system test feature this is what happens:

  1. Login with username, password plus mfa.
  2. Logout.
  3. The username is entered into an input field and the “Next” button is clicked.
  4. At this point, the mfa input box should be presented. Instead Devise redirects to an internal page that should only be accessible after the user authenticates!

Any help would be greatly appreciated.