Diffstat (limited to 'spec/controllers/auth')
-rw-r--r-- | spec/controllers/auth/registrations_controller_spec.rb | 88 | ||||
-rw-r--r-- | spec/controllers/auth/sessions_controller_spec.rb | 38 | ||||
-rw-r--r-- | spec/controllers/auth/setup_controller_spec.rb | 25 |
3 files changed, 89 insertions, 62 deletions
diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb index 0ebf6641f..e3a00fa39 100644 --- a/spec/controllers/auth/registrations_controller_spec.rb +++ b/spec/controllers/auth/registrations_controller_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails_helper' RSpec.describe Auth::RegistrationsController, type: :controller do @@ -32,7 +34,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do describe 'GET #edit' do it 'returns http success' do - request.env["devise.mapping"] = Devise.mappings[:user] + request.env['devise.mapping'] = Devise.mappings[:user] sign_in(Fabricate(:user)) get :edit expect(response).to have_http_status(200) @@ -41,7 +43,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do describe 'GET #update' do it 'returns http success' do - request.env["devise.mapping"] = Devise.mappings[:user] + request.env['devise.mapping'] = Devise.mappings[:user] sign_in(Fabricate(:user), scope: :user) post :update expect(response).to have_http_status(200) @@ -49,7 +51,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do context 'when suspended' do it 'returns http forbidden' do - request.env["devise.mapping"] = Devise.mappings[:user] + request.env['devise.mapping'] = Devise.mappings[:user] sign_in(Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }), scope: :user) post :update expect(response).to have_http_status(403) @@ -59,7 +61,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do describe 'GET #new' do before do - request.env["devise.mapping"] = Devise.mappings[:user] + request.env['devise.mapping'] = Devise.mappings[:user] end context do 
@@ -92,21 +94,21 @@ RSpec.describe Auth::RegistrationsController, type: :controller do I18n.locale = current_locale end - before { request.env["devise.mapping"] = Devise.mappings[:user] } + before { request.env['devise.mapping'] = Devise.mappings[:user] } context do + subject do + Setting.registrations_mode = 'open' + request.headers['Accept-Language'] = accept_language + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } + end + around do |example| registrations_mode = Setting.registrations_mode example.run Setting.registrations_mode = registrations_mode end - subject do - Setting.registrations_mode = 'open' - request.headers["Accept-Language"] = accept_language - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } - end - it 'redirects to setup' do subject expect(response).to redirect_to auth_setup_path 
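Review bot: The relocated `subject do` block is anonymous even though it changes global state (`Setting.registrations_mode = 'open'`) and issues the `post :create` request, so each example triggers registration through a bare `subject` call that reads like a value lookup. Naming it, e.g. `subject(:register) do` with `register` called in the examples, makes it clear that the examples are performing the sign-up. The same pattern appears in the hunks at -121, -141, -163 and -191, where the request params are repeated almost verbatim. A shared `let(:user_params)` merged with the per-context differences (`agreement`, `invite_code`) would make it easier to see which field each context is actually varying. The enclosing `describe` starts and ends outside this hunk.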
@@ -121,18 +123,18 @@ RSpec.describe Auth::RegistrationsController, type: :controller do end context 'when user has not agreed to terms of service' do + subject do + Setting.registrations_mode = 'open' + request.headers['Accept-Language'] = accept_language + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } } + end + around do |example| registrations_mode = Setting.registrations_mode example.run Setting.registrations_mode = registrations_mode end - subject do - Setting.registrations_mode = 'open' - request.headers["Accept-Language"] = accept_language - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } } - end - it 'does not create user' do subject user = User.find_by(email: 'test@example.com') @@ -141,18 +143,18 @@ RSpec.describe Auth::RegistrationsController, type: :controller do end context 'approval-based registrations without invite' do + subject do + Setting.registrations_mode = 'approved' + request.headers['Accept-Language'] = accept_language + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } + end + around do |example| registrations_mode = Setting.registrations_mode example.run Setting.registrations_mode = registrations_mode end - subject do - Setting.registrations_mode = 'approved' - request.headers["Accept-Language"] = accept_language - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } - end - it 'redirects to setup' do subject expect(response).to redirect_to auth_setup_path 
@@ -163,24 +165,24 @@ RSpec.describe Auth::RegistrationsController, type: :controller do user = User.find_by(email: 'test@example.com') expect(user).to_not be_nil expect(user.locale).to eq(accept_language) - expect(user.approved).to eq(false) + expect(user.approved).to be(false) end end context 'approval-based registrations with expired invite' do + subject do + Setting.registrations_mode = 'approved' + request.headers['Accept-Language'] = accept_language + invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago) + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } } + end + around do |example| registrations_mode = Setting.registrations_mode example.run Setting.registrations_mode = registrations_mode end - subject do - Setting.registrations_mode = 'approved' - request.headers["Accept-Language"] = accept_language - invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago) - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } } - end - it 'redirects to setup' do subject expect(response).to redirect_to auth_setup_path 
@@ -191,11 +193,20 @@ RSpec.describe Auth::RegistrationsController, type: :controller do user = User.find_by(email: 'test@example.com') expect(user).to_not be_nil expect(user.locale).to eq(accept_language) - expect(user.approved).to eq(false) + expect(user.approved).to be(false) end end context 'approval-based registrations with valid invite and required invite text' do + subject do + inviter = Fabricate(:user, confirmed_at: 2.days.ago) + Setting.registrations_mode = 'approved' + Setting.require_invite_text = true + request.headers['Accept-Language'] = accept_language + invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now) + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } } + end + around do |example| registrations_mode = Setting.registrations_mode require_invite_text = Setting.require_invite_text @@ -204,15 +215,6 @@ RSpec.describe Auth::RegistrationsController, type: :controller do Setting.registrations_mode = registrations_mode end - subject do - inviter = Fabricate(:user, confirmed_at: 2.days.ago) - Setting.registrations_mode = 'approved' - Setting.require_invite_text = true - request.headers["Accept-Language"] = accept_language - invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now) - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } } - end - it 'redirects to setup' do subject expect(response).to redirect_to auth_setup_path 
@@ -223,7 +225,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do user = User.find_by(email: 'test@example.com') expect(user).to_not be_nil expect(user.locale).to eq(accept_language) - expect(user.approved).to eq(true) + expect(user.approved).to be(true) end end @@ -245,7 +247,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do end it 'returns http not found' do - expect(response).to have_http_status(:not_found) + expect(response).to have_http_status(404) end it 'does not delete user' do diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index d3db7aa1a..58befa124 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -54,7 +54,7 @@ RSpec.describe Auth::SessionsController, type: :controller do context 'using PAM authentication', if: ENV['PAM_ENABLED'] == 'true' do context 'using a valid password' do before do - post :create, params: { user: { email: "pam_user1", password: '123456' } } + post :create, params: { user: { email: 'pam_user1', password: '123456' } } end it 'redirects to home' do @@ -68,7 +68,7 @@ RSpec.describe Auth::SessionsController, type: :controller do context 'using an invalid password' do before do - post :create, params: { user: { email: "pam_user1", password: 'WRONGPW' } } + post :create, params: { user: { email: 'pam_user1', password: 'WRONGPW' } } end it 'shows a login error' do 
@@ -127,7 +127,7 @@ RSpec.describe Auth::SessionsController, type: :controller do before do allow_any_instance_of(ActionDispatch::Request).to receive(:remote_ip).and_return(current_ip) - allow(UserMailer).to receive(:suspicious_sign_in).and_return(double('email', 'deliver_later!': nil)) + allow(UserMailer).to receive(:suspicious_sign_in).and_return(double('email', deliver_later!: nil)) user.update(current_sign_in_at: 1.month.ago) post :create, params: { user: { email: user.email, password: user.password } } end @@ -194,7 +194,7 @@ RSpec.describe Auth::SessionsController, type: :controller do post :create, params: { user: { email: user.email, password: user.password } } end - context "in single user mode" do + context 'in single user mode' do let(:single_user_mode) { true } it 'redirects to home' do @@ -202,7 +202,7 @@ RSpec.describe Auth::SessionsController, type: :controller do end end - context "in non-single user mode" do + context 'in non-single user mode' do let(:single_user_mode) { false } it "redirects back to the user's page" do @@ -230,8 +230,8 @@ RSpec.describe Auth::SessionsController, type: :controller do end it 'renders two factor authentication page' do - expect(controller).to render_template("two_factor") - expect(controller).to render_template(partial: "_otp_authentication_form") + expect(controller).to render_template('two_factor') + expect(controller).to render_template(partial: '_otp_authentication_form') end end @@ -246,8 +246,8 @@ RSpec.describe Auth::SessionsController, type: :controller do end it 'renders two factor authentication page' do - expect(controller).to render_template("two_factor") - expect(controller).to render_template(partial: "_otp_authentication_form") + expect(controller).to render_template('two_factor') + expect(controller).to render_template(partial: '_otp_authentication_form') end end 
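Review bot: The mailer stub on the changed line is still an unverified `double('email', deliver_later!: nil)`, so the suspicious-sign-in examples keep passing even if the object returned by `UserMailer.suspicious_sign_in` stops responding to `deliver_later!`. A verifying double, `instance_double(ActionMailer::MessageDelivery, deliver_later!: nil)`, would tie the stub to the real delivery interface and let the spec catch a change that silently breaks this notification. The enclosing context starts and ends outside the hunk.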
@@ -257,8 +257,8 @@ RSpec.describe Auth::SessionsController, type: :controller do end it 'renders two factor authentication page' do - expect(controller).to render_template("two_factor") - expect(controller).to render_template(partial: "_otp_authentication_form") + expect(controller).to render_template('two_factor') + expect(controller).to render_template(partial: '_otp_authentication_form') end end @@ -339,11 +339,11 @@ RSpec.describe Auth::SessionsController, type: :controller do external_id: public_key_credential.id, public_key: public_key_credential.public_key, sign_count: '1000' - ) + ) user.webauthn_credentials.take end - let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" } + let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" } let(:fake_client) { WebAuthn::FakeClient.new(domain) } @@ -359,8 +359,8 @@ RSpec.describe Auth::SessionsController, type: :controller do end it 'renders webauthn authentication page' do - expect(controller).to render_template("two_factor") - expect(controller).to render_template(partial: "_webauthn_form") + expect(controller).to render_template('two_factor') + expect(controller).to render_template(partial: '_webauthn_form') end end @@ -370,8 +370,8 @@ RSpec.describe Auth::SessionsController, type: :controller do end it 'renders webauthn authentication page' do - expect(controller).to render_template("two_factor") - expect(controller).to render_template(partial: "_webauthn_form") + expect(controller).to render_template('two_factor') + expect(controller).to render_template(partial: '_webauthn_form') end end 
@@ -400,7 +400,7 @@ RSpec.describe Auth::SessionsController, type: :controller do describe 'GET #webauthn_options' do context 'with WebAuthn and OTP enabled as second factor' do - let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" } + let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" } let(:fake_client) { WebAuthn::FakeClient.new(domain) } @@ -422,7 +422,7 @@ RSpec.describe Auth::SessionsController, type: :controller do it 'returns http success' do get :webauthn_options - expect(response).to have_http_status :ok + expect(response).to have_http_status 200 end end end diff --git a/spec/controllers/auth/setup_controller_spec.rb b/spec/controllers/auth/setup_controller_spec.rb new file mode 100644 index 000000000..75e42aaf9 --- /dev/null +++ b/spec/controllers/auth/setup_controller_spec.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe Auth::SetupController do + render_views + + describe 'GET #show' do + context 'with a signed out request' do + it 'returns http redirect' do + get :show + expect(response).to be_redirect + end + end + + context 'with an unconfirmed signed in user' do + before { sign_in Fabricate(:user, confirmed_at: nil) } + + it 'returns http success' do + get :show + expect(response).to have_http_status(200) + end + end + end +end |
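Review bot: In the new `setup_controller_spec.rb`, the signed-out example asserts only `expect(response).to be_redirect`, so it would still pass if the controller redirected an unauthenticated request somewhere other than the login page. Pinning the destination, for example `expect(response).to redirect_to new_user_session_path` (assuming that is the intended target), makes the authentication gate explicit. The spec also covers only signed-out and unconfirmed users. An example for an already confirmed, signed-in user would document what `GET #show` does once setup no longer applies.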