diff options
author | ThibG <thib@sitedethib.com> | 2020-08-30 18:34:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-30 18:34:51 +0200 |
commit | f715e8b51612820a18fa307e4465eb0c1a088f86 (patch) | |
tree | 8137b48a716e05424ca544210d86e91818085ba7 /spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb | |
parent | 30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff) | |
parent | a68ec50e4e38898e88a7dcc33bd0032adc946dda (diff) |
Merge pull request #1411 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb')
-rw-r--r-- | spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb new file mode 100644 index 000000000..17e8fa9b8 --- /dev/null +++ b/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb @@ -0,0 +1,99 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe Settings::TwoFactorAuthentication::OtpAuthenticationController do + render_views + + let(:user) { Fabricate(:user) } + + describe 'GET #show' do + context 'when signed in' do + before do + sign_in user, scope: :user + end + + describe 'when user has OTP enabled' do + before do + user.update(otp_required_for_login: true) + end + + it 'redirects to two factor authentciation methods list page' do + get :show + + expect(response).to redirect_to settings_two_factor_authentication_methods_path + end + end + + describe 'when user does not have OTP enabled' do + before do + user.update(otp_required_for_login: false) + end + + it 'returns http success' do + get :show + + expect(response).to have_http_status(200) + end + end + end + + context 'when not signed in' do + it 'redirects' do + get :show + + expect(response).to redirect_to new_user_session_path + end + end + end + + describe 'POST #create' do + context 'when signed in' do + before do + sign_in user, scope: :user + end + + describe 'when user has OTP enabled' do + before do + user.update(otp_required_for_login: true) + end + + describe 'when creation succeeds' do + it 'redirects to code confirmation page without updating user secret and setting otp secret in the session' do + expect do + post :create, session: { challenge_passed_at: Time.now.utc } + end.to not_change { user.reload.otp_secret } + .and change { session[:new_otp_secret] } + + expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path) + end + end + end + + describe 'when user does not have OTP enabled' do + before do + user.update(otp_required_for_login: false) + end + + describe 'when creation succeeds' do + it 'redirects to code confirmation page without updating user secret and setting otp secret in the session' do + expect do + post :create, session: { challenge_passed_at: Time.now.utc } + end.to not_change { user.reload.otp_secret } + .and change { session[:new_otp_secret] } + + expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path) + end + end + end + end + + context 'when not signed in' do + it 'redirects to login' do + get :show + + expect(response).to redirect_to new_user_session_path + end + end + end +end |