From 7b473d75147b2c19ebbb9677e2011708f8f8e120 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Tue, 30 May 2017 01:04:00 +0900 Subject: Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386) --- .../confirmations_controller_spec.rb | 95 +++++++++++++++++----- 1 file changed, 74 insertions(+), 21 deletions(-) (limited to 'spec/controllers') diff --git a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb index bf555078e..0676d6161 100644 --- a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb +++ b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb @@ -5,41 +5,94 @@ require 'rails_helper' describe Settings::TwoFactorAuthentication::ConfirmationsController do render_views - let(:user) { Fabricate(:user) } - before do - user.otp_secret = User.generate_otp_secret(32) - user.save! + let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') } - sign_in user, scope: :user + shared_examples 'renders :new' do + it 'renders the new view' do + subject + + expect(assigns(:confirmation)).to be_instance_of Form::TwoFactorConfirmation + expect(assigns(:provision_url)).to eq 'otpauth://totp/local-part@domain?secret=thisisasecretforthespecofnewview&issuer=cb6e6126.ngrok.io' + expect(assigns(:qrcode)).to be_instance_of RQRCode::QRCode + expect(response).to have_http_status(:success) + expect(response).to render_template(:new) + end end describe 'GET #new' do - it 'returns http success' do - get :new + context 'when signed in' do + subject do + sign_in user, scope: :user + get :new + end - expect(response).to have_http_status(:success) - expect(response).to render_template(:new) + include_examples 'renders :new' + end + + it 'redirects if not signed in' do + get :new + expect(response).to redirect_to('/auth/sign_in') end end describe 'POST #create' do - describe 'when creation succeeds' do - it 'renders page with success' do - allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(true) + context 'when signed in' do + before do + sign_in user, scope: :user + end - post :create, params: { form_two_factor_confirmation: { code: '123456' } } - expect(response).to have_http_status(:success) - expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index') + describe 'when form_two_factor_confirmation parameter is not provided' do + it 'raises ActionController::ParameterMissing' do + expect { post :create, params: { } }.to raise_error(ActionController::ParameterMissing) + end + end + + describe 'when creation succeeds' do + it 'renders page with success' do + otp_backup_codes = user.generate_otp_backup_codes! + expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value| + expect(value).to eq user + otp_backup_codes + end + expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg| + expect(value).to eq user + expect(arg).to eq '123456' + true + end + + post :create, params: { form_two_factor_confirmation: { code: '123456' } } + + expect(assigns(:recovery_codes)).to eq otp_backup_codes + expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled' + expect(response).to have_http_status(:success) + expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index') + end end - end - describe 'when creation fails' do - it 'renders the new view' do - allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(false) + describe 'when creation fails' do + subject do + expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg| + expect(value).to eq user + expect(arg).to eq '123456' + false + end + + post :create, params: { form_two_factor_confirmation: { code: '123456' } } + end + + it 'renders the new view' do + subject + expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?' + end + + include_examples 'renders :new' + end + end + context 'when not signed in' do + it 'redirects if not signed in' do post :create, params: { form_two_factor_confirmation: { code: '123456' } } - expect(response).to have_http_status(:success) - expect(response).to render_template(:new) + expect(response).to redirect_to('/auth/sign_in') end end end -- cgit