about summary refs log tree commit diff
path: root/spec/controllers/auth
diff options
context:
space:
mode:
authorStarfall <us@starfall.systems>2023-04-14 19:22:47 -0500
committerStarfall <us@starfall.systems>2023-04-14 19:22:47 -0500
commit4fe1689de43f4404eb9530fcfbcbfb26d6c1c13a (patch)
tree6811b845bb7f4966b10dcefa3dea404246f161c7 /spec/controllers/auth
parent65c1e53a32cabcdbb7bca57002bb0f6acdebe07e (diff)
parentbed63f6dae0879ac840066b031229e0d139089cd (diff)
Merge remote-tracking branch 'glitch/main' HEAD main
Diffstat (limited to 'spec/controllers/auth')
-rw-r--r--spec/controllers/auth/registrations_controller_spec.rb88
-rw-r--r--spec/controllers/auth/sessions_controller_spec.rb38
-rw-r--r--spec/controllers/auth/setup_controller_spec.rb25
3 files changed, 89 insertions, 62 deletions
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb
index 0ebf6641f..e3a00fa39 100644
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rails_helper'
 
 RSpec.describe Auth::RegistrationsController, type: :controller do
@@ -32,7 +34,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
   describe 'GET #edit' do
     it 'returns http success' do
-      request.env["devise.mapping"] = Devise.mappings[:user]
+      request.env['devise.mapping'] = Devise.mappings[:user]
       sign_in(Fabricate(:user))
       get :edit
       expect(response).to have_http_status(200)
@@ -41,7 +43,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
   describe 'GET #update' do
     it 'returns http success' do
-      request.env["devise.mapping"] = Devise.mappings[:user]
+      request.env['devise.mapping'] = Devise.mappings[:user]
       sign_in(Fabricate(:user), scope: :user)
       post :update
       expect(response).to have_http_status(200)
@@ -49,7 +51,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
     context 'when suspended' do
       it 'returns http forbidden' do
-        request.env["devise.mapping"] = Devise.mappings[:user]
+        request.env['devise.mapping'] = Devise.mappings[:user]
         sign_in(Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }), scope: :user)
         post :update
         expect(response).to have_http_status(403)
@@ -59,7 +61,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
   describe 'GET #new' do
     before do
-      request.env["devise.mapping"] = Devise.mappings[:user]
+      request.env['devise.mapping'] = Devise.mappings[:user]
     end
 
     context do
@@ -92,21 +94,21 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
       I18n.locale = current_locale
     end
 
-    before { request.env["devise.mapping"] = Devise.mappings[:user] }
+    before { request.env['devise.mapping'] = Devise.mappings[:user] }
 
     context do
+      subject do
+        Setting.registrations_mode = 'open'
+        request.headers['Accept-Language'] = accept_language
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
+      end
+
       around do |example|
         registrations_mode = Setting.registrations_mode
         example.run
         Setting.registrations_mode = registrations_mode
       end
 
-      subject do
-        Setting.registrations_mode = 'open'
-        request.headers["Accept-Language"] = accept_language
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
-      end
-
       it 'redirects to setup' do
         subject
         expect(response).to redirect_to auth_setup_path
@@ -121,18 +123,18 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
     end
 
     context 'when user has not agreed to terms of service' do
+      subject do
+        Setting.registrations_mode = 'open'
+        request.headers['Accept-Language'] = accept_language
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
+      end
+
       around do |example|
         registrations_mode = Setting.registrations_mode
         example.run
         Setting.registrations_mode = registrations_mode
       end
 
-      subject do
-        Setting.registrations_mode = 'open'
-        request.headers["Accept-Language"] = accept_language
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
-      end
-
       it 'does not create user' do
         subject
         user = User.find_by(email: 'test@example.com')
@@ -141,18 +143,18 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
     end
 
     context 'approval-based registrations without invite' do
+      subject do
+        Setting.registrations_mode = 'approved'
+        request.headers['Accept-Language'] = accept_language
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
+      end
+
       around do |example|
         registrations_mode = Setting.registrations_mode
         example.run
         Setting.registrations_mode = registrations_mode
       end
 
-      subject do
-        Setting.registrations_mode = 'approved'
-        request.headers["Accept-Language"] = accept_language
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
-      end
-
       it 'redirects to setup' do
         subject
         expect(response).to redirect_to auth_setup_path
@@ -163,24 +165,24 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
         user = User.find_by(email: 'test@example.com')
         expect(user).to_not be_nil
         expect(user.locale).to eq(accept_language)
-        expect(user.approved).to eq(false)
+        expect(user.approved).to be(false)
       end
     end
 
     context 'approval-based registrations with expired invite' do
+      subject do
+        Setting.registrations_mode = 'approved'
+        request.headers['Accept-Language'] = accept_language
+        invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
+      end
+
       around do |example|
         registrations_mode = Setting.registrations_mode
         example.run
         Setting.registrations_mode = registrations_mode
       end
 
-      subject do
-        Setting.registrations_mode = 'approved'
-        request.headers["Accept-Language"] = accept_language
-        invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
-      end
-
       it 'redirects to setup' do
         subject
         expect(response).to redirect_to auth_setup_path
@@ -191,11 +193,20 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
         user = User.find_by(email: 'test@example.com')
         expect(user).to_not be_nil
         expect(user.locale).to eq(accept_language)
-        expect(user.approved).to eq(false)
+        expect(user.approved).to be(false)
       end
     end
 
     context 'approval-based registrations with valid invite and required invite text' do
+      subject do
+        inviter = Fabricate(:user, confirmed_at: 2.days.ago)
+        Setting.registrations_mode = 'approved'
+        Setting.require_invite_text = true
+        request.headers['Accept-Language'] = accept_language
+        invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
+      end
+
       around do |example|
         registrations_mode = Setting.registrations_mode
         require_invite_text = Setting.require_invite_text
@@ -204,15 +215,6 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
         Setting.registrations_mode = registrations_mode
       end
 
-      subject do
-        inviter = Fabricate(:user, confirmed_at: 2.days.ago)
-        Setting.registrations_mode = 'approved'
-        Setting.require_invite_text = true
-        request.headers["Accept-Language"] = accept_language
-        invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
-      end
-
       it 'redirects to setup' do
         subject
         expect(response).to redirect_to auth_setup_path
@@ -223,7 +225,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
         user = User.find_by(email: 'test@example.com')
         expect(user).to_not be_nil
         expect(user.locale).to eq(accept_language)
-        expect(user.approved).to eq(true)
+        expect(user.approved).to be(true)
       end
     end
 
@@ -245,7 +247,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
     end
 
     it 'returns http not found' do
-      expect(response).to have_http_status(:not_found)
+      expect(response).to have_http_status(404)
     end
 
     it 'does not delete user' do
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
index d3db7aa1a..58befa124 100644
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@@ -54,7 +54,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
     context 'using PAM authentication', if: ENV['PAM_ENABLED'] == 'true' do
       context 'using a valid password' do
         before do
-          post :create, params: { user: { email: "pam_user1", password: '123456' } }
+          post :create, params: { user: { email: 'pam_user1', password: '123456' } }
         end
 
         it 'redirects to home' do
@@ -68,7 +68,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
 
       context 'using an invalid password' do
         before do
-          post :create, params: { user: { email: "pam_user1", password: 'WRONGPW' } }
+          post :create, params: { user: { email: 'pam_user1', password: 'WRONGPW' } }
         end
 
         it 'shows a login error' do
@@ -127,7 +127,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
 
         before do
           allow_any_instance_of(ActionDispatch::Request).to receive(:remote_ip).and_return(current_ip)
-          allow(UserMailer).to receive(:suspicious_sign_in).and_return(double('email', 'deliver_later!': nil))
+          allow(UserMailer).to receive(:suspicious_sign_in).and_return(double('email', deliver_later!: nil))
           user.update(current_sign_in_at: 1.month.ago)
           post :create, params: { user: { email: user.email, password: user.password } }
         end
@@ -194,7 +194,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
           post :create, params: { user: { email: user.email, password: user.password } }
         end
 
-        context "in single user mode" do
+        context 'in single user mode' do
           let(:single_user_mode) { true }
 
           it 'redirects to home' do
@@ -202,7 +202,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
         end
 
-        context "in non-single user mode" do
+        context 'in non-single user mode' do
           let(:single_user_mode) { false }
 
           it "redirects back to the user's page" do
@@ -230,8 +230,8 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
 
           it 'renders two factor authentication page' do
-            expect(controller).to render_template("two_factor")
-            expect(controller).to render_template(partial: "_otp_authentication_form")
+            expect(controller).to render_template('two_factor')
+            expect(controller).to render_template(partial: '_otp_authentication_form')
           end
         end
 
@@ -246,8 +246,8 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
 
           it 'renders two factor authentication page' do
-            expect(controller).to render_template("two_factor")
-            expect(controller).to render_template(partial: "_otp_authentication_form")
+            expect(controller).to render_template('two_factor')
+            expect(controller).to render_template(partial: '_otp_authentication_form')
           end
         end
 
@@ -257,8 +257,8 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
 
           it 'renders two factor authentication page' do
-            expect(controller).to render_template("two_factor")
-            expect(controller).to render_template(partial: "_otp_authentication_form")
+            expect(controller).to render_template('two_factor')
+            expect(controller).to render_template(partial: '_otp_authentication_form')
           end
         end
 
@@ -339,11 +339,11 @@ RSpec.describe Auth::SessionsController, type: :controller do
             external_id: public_key_credential.id,
             public_key: public_key_credential.public_key,
             sign_count: '1000'
-           )
+          )
           user.webauthn_credentials.take
         end
 
-        let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" }
+        let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
 
         let(:fake_client) { WebAuthn::FakeClient.new(domain) }
 
@@ -359,8 +359,8 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
 
           it 'renders webauthn authentication page' do
-            expect(controller).to render_template("two_factor")
-            expect(controller).to render_template(partial: "_webauthn_form")
+            expect(controller).to render_template('two_factor')
+            expect(controller).to render_template(partial: '_webauthn_form')
           end
         end
 
@@ -370,8 +370,8 @@ RSpec.describe Auth::SessionsController, type: :controller do
           end
 
           it 'renders webauthn authentication page' do
-            expect(controller).to render_template("two_factor")
-            expect(controller).to render_template(partial: "_webauthn_form")
+            expect(controller).to render_template('two_factor')
+            expect(controller).to render_template(partial: '_webauthn_form')
           end
         end
 
@@ -400,7 +400,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
 
   describe 'GET #webauthn_options' do
     context 'with WebAuthn and OTP enabled as second factor' do
-      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" }
+      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
 
       let(:fake_client) { WebAuthn::FakeClient.new(domain) }
 
@@ -422,7 +422,7 @@ RSpec.describe Auth::SessionsController, type: :controller do
 
       it 'returns http success' do
         get :webauthn_options
-        expect(response).to have_http_status :ok
+        expect(response).to have_http_status 200
       end
     end
   end
diff --git a/spec/controllers/auth/setup_controller_spec.rb b/spec/controllers/auth/setup_controller_spec.rb
new file mode 100644
index 000000000..75e42aaf9
--- /dev/null
+++ b/spec/controllers/auth/setup_controller_spec.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Auth::SetupController do
+  render_views
+
+  describe 'GET #show' do
+    context 'with a signed out request' do
+      it 'returns http redirect' do
+        get :show
+        expect(response).to be_redirect
+      end
+    end
+
+    context 'with an unconfirmed signed in user' do
+      before { sign_in Fabricate(:user, confirmed_at: nil) }
+
+      it 'returns http success' do
+        get :show
+        expect(response).to have_http_status(200)
+      end
+    end
+  end
+end