From cf2ac1c964e3bda6c4905f40436ca20368f097d4 Mon Sep 17 00:00:00 2001 From: baarkerlounger Date: Thu, 3 Feb 2022 17:53:10 +0000 Subject: [PATCH] Return 422 if OTP auth is unsuccessful --- Gemfile.lock | 4 ++-- app/views/devise/two_factor_authentication/show.html.erb | 8 ++++---- spec/features/admin_panel_spec.rb | 2 ++ 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b48605158..51a6d8e23 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,7 +20,7 @@ GIT GIT remote: https://github.com/baarkerlounger/two_factor_authentication.git - revision: a7522becd7222f1aa4ddf73d7caf19f05bdb4dac + revision: 025d0a39ae971798402a7cefbd677cb15aa4983c specs: two_factor_authentication (2.2.0) devise @@ -117,7 +117,7 @@ GEM ast (2.4.2) aws-eventstream (1.2.0) aws-partitions (1.551.0) - aws-sdk-core (3.125.5) + aws-sdk-core (3.125.6) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) diff --git a/app/views/devise/two_factor_authentication/show.html.erb b/app/views/devise/two_factor_authentication/show.html.erb index a742056fe..cc4738e12 100644 --- a/app/views/devise/two_factor_authentication/show.html.erb +++ b/app/views/devise/two_factor_authentication/show.html.erb @@ -11,10 +11,10 @@

We’ve sent you a text message with a security code.

<%= f.govuk_number_field :code, - label: { text: "Security code" }, - width: 5, - autocomplete: 'one-time-code', - autofocus: true + label: { text: "Security code" }, + width: 5, + autocomplete: 'one-time-code', + autofocus: true %> <%= f.govuk_submit "Submit" %> diff --git a/spec/features/admin_panel_spec.rb b/spec/features/admin_panel_spec.rb index 70226286a..838bc1b1e 100644 --- a/spec/features/admin_panel_spec.rb +++ b/spec/features/admin_panel_spec.rb @@ -37,6 +37,7 @@ RSpec.describe "Admin Panel" do fill_in("code", with: otp) click_button("Submit") expect(page).to have_content("Check your phone") + expect(page).to have_http_status(:unprocessable_entity) end end end @@ -50,6 +51,7 @@ RSpec.describe "Admin Panel" do fill_in("code", with: otp) click_button("Submit") expect(page).to have_content("Check your phone") + expect(page).to have_http_status(:unprocessable_entity) end end
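Review bot: The added `expect(page).to have_http_status(:unprocessable_entity)` in both spec hunks (@@ -37,6 and @@ -50,6) pins the response code but says nothing about session state after a rejected code; since the 422 behaviour appears to come from the forked two_factor_authentication revision bumped in Gemfile.lock rather than from code in this repository, these examples are the only in-repo check on it. I would follow the status assertion with a visit to a page that requires a completed second factor and assert the user is still shown the OTP prompt, e.g. `visit(PROTECTED_ADMIN_PATH)` (placeholder, the real route is not on this page) then `expect(page).to have_content("Check your phone")`. Note also that `have_http_status` on a Capybara `page` depends on the driver exposing the status code, which rack_test does and JavaScript drivers generally do not, so it would error rather than fail if these examples are ever tagged `js: true`. The enclosing `it` blocks start outside both hunks, so the driver in use and the OTP value submitted are not visible here.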