diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
| commit | 8c3c27bf063d648823da39a206be3efd285611ad (patch) | |
| tree | c78c0bed2bab5ed64a7dfd546b91b21600947112 /spec/controllers/admin | |
| parent | 30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff) | |
| parent | 52157fdcba0837c782edbfd240be07cabc551de9 (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
Diffstat (limited to 'spec/controllers/admin')
| -rw-r--r-- | spec/controllers/admin/two_factor_authentications_controller_spec.rb | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/spec/controllers/admin/two_factor_authentications_controller_spec.rb b/spec/controllers/admin/two_factor_authentications_controller_spec.rb index 4c1aa88d7..b0e82d3d6 100644 --- a/spec/controllers/admin/two_factor_authentications_controller_spec.rb +++ b/spec/controllers/admin/two_factor_authentications_controller_spec.rb @@ -1,20 +1,51 @@ require 'rails_helper' +require 'webauthn/fake_client' describe Admin::TwoFactorAuthenticationsController do render_views - let(:user) { Fabricate(:user, otp_required_for_login: true) } + let(:user) { Fabricate(:user) } before do sign_in Fabricate(:user, admin: true), scope: :user end describe 'DELETE #destroy' do - it 'redirects to admin accounts page' do - delete :destroy, params: { user_id: user.id } + context 'when user has OTP enabled' do + before do + user.update(otp_required_for_login: true) + end - user.reload - expect(user.otp_required_for_login).to eq false - expect(response).to redirect_to(admin_accounts_path) + it 'redirects to admin accounts page' do + delete :destroy, params: { user_id: user.id } + + user.reload + expect(user.otp_enabled?).to eq false + expect(response).to redirect_to(admin_accounts_path) + end + end + + context 'when user has OTP and WebAuthn enabled' do + let(:fake_client) { WebAuthn::FakeClient.new('http://test.host') } + + before do + user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) + + public_key_credential = WebAuthn::Credential.from_create(fake_client.create) + Fabricate(:webauthn_credential, + user_id: user.id, + external_id: public_key_credential.id, + public_key: public_key_credential.public_key, + nickname: 'Security Key') + end + + it 'redirects to admin accounts page' do + delete :destroy, params: { user_id: user.id } + + user.reload + expect(user.otp_enabled?).to eq false + expect(user.webauthn_enabled?).to eq false + expect(response).to redirect_to(admin_accounts_path) + end end end end |