about summary refs log tree commit diff
path: root/spec/controllers/settings
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-06-25 23:51:46 +0200
committerGitHub <noreply@github.com>2017-06-25 23:51:46 +0200
commit5e8d037e271bdd230fc7ab1e91bcee16ac87e0e1 (patch)
tree15ce1a2f4eadd543713f326a7384432e816a8fa0 /spec/controllers/settings
parented7dc1704dc3ce82567d9aac366b095f02ce181f (diff)
Fix #3910 - Require OTP authentication to disable 2FA (#3935)
* Fix #3910 - Require OTP authentication to disable 2FA. Also, remove ability
to generate new OTP backup codes *after* initial backup codes were handed
out during activation

* Restore recovery code re-generation

* Improve display of some 2FA elements
Diffstat (limited to 'spec/controllers/settings')
-rw-r--r--spec/controllers/settings/two_factor_authentications_controller_spec.rb40
1 files changed, 34 insertions, 6 deletions
diff --git a/spec/controllers/settings/two_factor_authentications_controller_spec.rb b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
index 4d1a01fcf..6c49f6f0d 100644
--- a/spec/controllers/settings/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
@@ -79,13 +79,41 @@ describe Settings::TwoFactorAuthenticationsController do
       user.update(otp_required_for_login: true)
     end
 
-    it 'turns off otp requirement if signed in' do
-      sign_in user, scope: :user
-      post :destroy
+    context 'when signed in' do
+      before do
+        sign_in user, scope: :user
+      end
 
-      expect(response).to redirect_to(settings_two_factor_authentication_path)
-      user.reload
-      expect(user.otp_required_for_login).to eq(false)
+      it 'turns off otp requirement with correct code' do
+        expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+          expect(value).to eq user
+          expect(arg).to eq '123456'
+          true
+        end
+
+        post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }
+
+        expect(response).to redirect_to(settings_two_factor_authentication_path)
+        user.reload
+        expect(user.otp_required_for_login).to eq(false)
+      end
+
+      it 'does not turn off otp if code is incorrect' do
+        expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+          expect(value).to eq user
+          expect(arg).to eq '057772'
+          false
+        end
+
+        post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }
+
+        user.reload
+        expect(user.otp_required_for_login).to eq(true)
+      end
+
+      it 'raises ActionController::ParameterMissing if code is missing' do
+        expect { post :destroy }.to raise_error(ActionController::ParameterMissing)
+      end
     end
 
     it 'redirects if not signed in' do