author | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
committer | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
commit | 8c3c27bf063d648823da39a206be3efd285611ad (patch) | |
tree | c78c0bed2bab5ed64a7dfd546b91b21600947112 /spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb | |
parent | 30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff) | |
parent | 52157fdcba0837c782edbfd240be07cabc551de9 (diff) |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
Diffstat (limited to 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb')
-rw-r--r-- | spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb | 140 |
1 files changed, 76 insertions, 64 deletions
diff --git a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
index 336f13127..cdfeef8d6 100644
--- a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
@@ -5,8 +5,6 @@ require 'rails_helper'
 describe Settings::TwoFactorAuthentication::ConfirmationsController do
   render_views
 
-  let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
-  let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }
 
   shared_examples 'renders :new' do
     it 'renders the new view' do
@@ -20,87 +18,101 @@ describe Settings::TwoFactorAuthentication::ConfirmationsController do end end - describe 'GET #new' do - context 'when signed in' do - subject do - sign_in user, scope: :user - get :new, session: { challenge_passed_at: Time.now.utc } - end + [true, false].each do |with_otp_secret| + let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: with_otp_secret ? 'oldotpsecret' : nil) } - include_examples 'renders :new' - end + describe 'GET #new' do + context 'when signed in and a new otp secret has been setted in the session' do + subject do + sign_in user, scope: :user + get :new, session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' } + end - it 'redirects if not signed in' do - get :new - expect(response).to redirect_to('/auth/sign_in') - end + include_examples 'renders :new' + end - it 'redirects if user do not have otp_secret' do - sign_in user_without_otp_secret, scope: :user - get :new, session: { challenge_passed_at: Time.now.utc } - expect(response).to redirect_to('/settings/two_factor_authentication') - end - end + it 'redirects if not signed in' do + get :new + expect(response).to redirect_to('/auth/sign_in') + end - describe 'POST #create' do - context 'when signed in' do - before do + it 'redirects if a new otp_secret has not been setted in the session' do sign_in user, scope: :user + get :new, session: { challenge_passed_at: Time.now.utc } + expect(response).to redirect_to('/settings/otp_authentication') end + end - describe 'when form_two_factor_confirmation parameter is not provided' do - it 'raises ActionController::ParameterMissing' do - post :create, params: {}, session: { challenge_passed_at: Time.now.utc } - expect(response).to have_http_status(400) + describe 'POST #create' do + context 'when signed in' do + before do + sign_in user, scope: :user end - end - describe 'when creation succeeds' do - it 'renders page with success' do - otp_backup_codes = 
user.generate_otp_backup_codes! - expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value| - expect(value).to eq user - otp_backup_codes - end - expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg| - expect(value).to eq user - expect(arg).to eq '123456' - true + describe 'when form_two_factor_confirmation parameter is not provided' do + it 'raises ActionController::ParameterMissing' do + post :create, params: {}, session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' } + expect(response).to have_http_status(400) end + end - post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc } - - expect(assigns(:recovery_codes)).to eq otp_backup_codes - expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled' - expect(response).to have_http_status(200) - expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index') + describe 'when creation succeeds' do + it 'renders page with success' do + otp_backup_codes = user.generate_otp_backup_codes! + expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value| + expect(value).to eq user + otp_backup_codes + end + expect_any_instance_of(User).to receive(:validate_and_consume_otp!) 
do |value, code, options| + expect(value).to eq user + expect(code).to eq '123456' + expect(options).to eq({ otp_secret: 'thisisasecretforthespecofnewview' }) + true + end + + expect do + post :create, + params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, + session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' } + end.to change { user.reload.otp_secret }.to 'thisisasecretforthespecofnewview' + + expect(assigns(:recovery_codes)).to eq otp_backup_codes + expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled' + expect(response).to have_http_status(200) + expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index') + end end - end - describe 'when creation fails' do - subject do - expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg| - expect(value).to eq user - expect(arg).to eq '123456' - false + describe 'when creation fails' do + subject do + expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, code, options| + expect(value).to eq user + expect(code).to eq '123456' + expect(options).to eq({ otp_secret: 'thisisasecretforthespecofnewview' }) + false + end + + expect do + post :create, + params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, + session: { challenge_passed_at: Time.now.utc, new_otp_secret: 'thisisasecretforthespecofnewview' } + end.to not_change { user.reload.otp_secret } end - post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }, session: { challenge_passed_at: Time.now.utc } - end + it 'renders the new view' do + subject + expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?' + end - it 'renders the new view' do - subject - expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?' 
+ include_examples 'renders :new' end - - include_examples 'renders :new' end - end - context 'when not signed in' do - it 'redirects if not signed in' do - post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } } - expect(response).to redirect_to('/auth/sign_in') + context 'when not signed in' do + it 'redirects if not signed in' do + post :create, params: { form_two_factor_confirmation: { otp_attempt: '123456' } } + expect(response).to redirect_to('/auth/sign_in') + end end end end |
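Review bot: Both `let(:user)` definitions emitted by the `[true, false].each do |with_otp_secret|` loop land on the same example group (the outer `describe`, whose header is opened in the previous hunk), and since `let` simply defines a method on that group the second iteration's definition replaces the first, so as far as I can tell every example runs against a user with `otp_secret: nil` and the `with_otp_secret = true` pass is only a duplicate. That silently drops the case this spec most needs — a user who is already enrolled and whose stored secret gets replaced by the session's `new_otp_secret` — because `change { user.reload.otp_secret }.to 'thisisasecretforthespecofnewview'` also holds for a nil-to-secret transition, so nothing fails. Giving each iteration its own group fixes it: add `context "when the user #{with_otp_secret ? 'already has' : 'has no'} otp_secret" do` directly after the `each` line, with its matching `end` before the loop's `end`, which additionally gives the twice-defined `describe 'GET #new'` / `describe 'POST #create'` names a distinguishing prefix in failure output. While there, `has been setted` in the two example descriptions should read `has been set`.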