authorThibG <thib@sitedethib.com>2020-08-30 18:34:51 +0200
committerGitHub <noreply@github.com>2020-08-30 18:34:51 +0200
commitf715e8b51612820a18fa307e4465eb0c1a088f86 (patch)
tree8137b48a716e05424ca544210d86e91818085ba7 /spec/controllers/admin/two_factor_authentications_controller_spec.rb
parent30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff)
parenta68ec50e4e38898e88a7dcc33bd0032adc946dda (diff)
Merge pull request #1411 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'spec/controllers/admin/two_factor_authentications_controller_spec.rb')
-rw-r--r--spec/controllers/admin/two_factor_authentications_controller_spec.rb43
1 files changed, 37 insertions, 6 deletions
diff --git a/spec/controllers/admin/two_factor_authentications_controller_spec.rb b/spec/controllers/admin/two_factor_authentications_controller_spec.rb
index 4c1aa88d7..b0e82d3d6 100644
--- a/spec/controllers/admin/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/admin/two_factor_authentications_controller_spec.rb
@@ -1,20 +1,51 @@
 require 'rails_helper'
+require 'webauthn/fake_client'
 
 describe Admin::TwoFactorAuthenticationsController do
   render_views
 
-  let(:user) { Fabricate(:user, otp_required_for_login: true) }
+  let(:user) { Fabricate(:user) }
   before do
     sign_in Fabricate(:user, admin: true), scope: :user
   end
 
   describe 'DELETE #destroy' do
-    it 'redirects to admin accounts page' do
-      delete :destroy, params: { user_id: user.id }
+    context 'when user has OTP enabled' do
+      before do
+        user.update(otp_required_for_login: true)
+      end
 
-      user.reload
-      expect(user.otp_required_for_login).to eq false
-      expect(response).to redirect_to(admin_accounts_path)
+      it 'redirects to admin accounts page' do
+        delete :destroy, params: { user_id: user.id }
+
+        user.reload
+        expect(user.otp_enabled?).to eq false
+        expect(response).to redirect_to(admin_accounts_path)
+      end
+    end
+
+    context 'when user has OTP and WebAuthn enabled' do
+      let(:fake_client) { WebAuthn::FakeClient.new('http://test.host') }
+
+      before do
+        user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id)
+
+        public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
+        Fabricate(:webauthn_credential,
+                  user_id: user.id,
+                  external_id: public_key_credential.id,
+                  public_key: public_key_credential.public_key,
+                  nickname: 'Security Key')
+      end
+
+      it 'redirects to admin accounts page' do
+        delete :destroy, params: { user_id: user.id }
+
+        user.reload
+        expect(user.otp_enabled?).to eq false
+        expect(user.webauthn_enabled?).to eq false
+        expect(response).to redirect_to(admin_accounts_path)
+      end
     end
   end
 end
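Review bot: Both new `before` blocks set up the second factor with the non-raising `user.update(...)`, so if that update ever fails validation the examples still pass, because `otp_enabled?` and `webauthn_enabled?` would be false without the `destroy` action having done anything. Use `user.update!(otp_required_for_login: true)` in the OTP context and `user.update!(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id)` in the WebAuthn context, and consider asserting the precondition (`expect(user.webauthn_enabled?).to eq true`) before the `delete` call. Separately, every example runs under the admin sign-in from the outer `before`; since this action strips another account's second factors, a context signed in as a non-admin that asserts the request is refused and the target's factors are unchanged would cover the authorization boundary, which this spec does not exercise. Both examples are also named 'redirects to admin accounts page', which hides that they are really checking that 2FA is disabled.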