commit: 7b473d75147b2c19ebbb9677e2011708f8f8e120
parent: dff576b75d11335b3c424b399499c6b1edb4b626
Author: Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>
Date: Tue, 30 May 2017 01:04:00 +0900
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
Diffstat:
1 file changed, 74 insertions(+), 21 deletions(-)
diff --git a/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb
@@ -5,41 +5,94 @@ require 'rails_helper'
describe Settings::TwoFactorAuthentication::ConfirmationsController do
render_views
- let(:user) { Fabricate(:user) }
- before do
- user.otp_secret = User.generate_otp_secret(32)
- user.save!
+ let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
- sign_in user, scope: :user
+ shared_examples 'renders :new' do
+ it 'renders the new view' do
+ subject
+
+ expect(assigns(:confirmation)).to be_instance_of Form::TwoFactorConfirmation
+ expect(assigns(:provision_url)).to eq 'otpauth://totp/local-part@domain?secret=thisisasecretforthespecofnewview&issuer=cb6e6126.ngrok.io'
+ expect(assigns(:qrcode)).to be_instance_of RQRCode::QRCode
+ expect(response).to have_http_status(:success)
+ expect(response).to render_template(:new)
+ end
end
describe 'GET #new' do
- it 'returns http success' do
- get :new
+ context 'when signed in' do
+ subject do
+ sign_in user, scope: :user
+ get :new
+ end
- expect(response).to have_http_status(:success)
- expect(response).to render_template(:new)
+ include_examples 'renders :new'
+ end
+
+ it 'redirects if not signed in' do
+ get :new
+ expect(response).to redirect_to('/auth/sign_in')
end
end
describe 'POST #create' do
- describe 'when creation succeeds' do
- it 'renders page with success' do
- allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(true)
+ context 'when signed in' do
+ before do
+ sign_in user, scope: :user
+ end
- post :create, params: { form_two_factor_confirmation: { code: '123456' } }
- expect(response).to have_http_status(:success)
- expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
+ describe 'when form_two_factor_confirmation parameter is not provided' do
+ it 'raises ActionController::ParameterMissing' do
+ expect { post :create, params: { } }.to raise_error(ActionController::ParameterMissing)
+ end
+ end
+
+ describe 'when creation succeeds' do
+ it 'renders page with success' do
+ otp_backup_codes = user.generate_otp_backup_codes!
+ expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value|
+ expect(value).to eq user
+ otp_backup_codes
+ end
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '123456'
+ true
+ end
+
+ post :create, params: { form_two_factor_confirmation: { code: '123456' } }
+
+ expect(assigns(:recovery_codes)).to eq otp_backup_codes
+ expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
+ expect(response).to have_http_status(:success)
+ expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
+ end
end
- end
- describe 'when creation fails' do
- it 'renders the new view' do
- allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(false)
+ describe 'when creation fails' do
+ subject do
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '123456'
+ false
+ end
+
+ post :create, params: { form_two_factor_confirmation: { code: '123456' } }
+ end
+
+ it 'renders the new view' do
+ subject
+ expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?'
+ end
+
+ include_examples 'renders :new'
+ end
+ end
+ context 'when not signed in' do
+ it 'redirects if not signed in' do
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
- expect(response).to have_http_status(:success)
- expect(response).to render_template(:new)
+ expect(response).to redirect_to('/auth/sign_in')
end
end
end