logo

mastofe

My custom branche(s) on git.pleroma.social/pleroma/mastofe git clone https://hacktivis.me/git/mastofe.git

two_factor_authentications_controller_spec.rb (3271B)

    

  1. # frozen_string_literal: true

  2. 

  3. require 'rails_helper'

  4. 

  5. describe Settings::TwoFactorAuthenticationsController do

  6.   render_views

  7. 

  8.   let(:user) { Fabricate(:user) }

  9. 

  10.   describe 'GET #show' do

  11.     context 'when signed in' do

  12.       before do

  13.         sign_in user, scope: :user

  14.       end

  15. 

  16.       describe 'when user requires otp for login already' do

  17.         it 'returns http success' do

  18.           user.update(otp_required_for_login: true)

  19.           get :show

  20. 

  21.           expect(response).to have_http_status(:success)

  22.         end

  23.       end

  24. 

  25.       describe 'when user does not require otp for login' do

  26.         it 'returns http success' do

  27.           user.update(otp_required_for_login: false)

  28.           get :show

  29. 

  30.           expect(response).to have_http_status(:success)

  31.         end

  32.       end

  33.     end

  34. 

  35.     context 'when not signed in' do

  36.       it 'redirects' do

  37.         get :show

  38.         expect(response).to redirect_to '/auth/sign_in'

  39.       end

  40.     end

  41.   end

  42. 

  43.   describe 'POST #create' do

  44.     context 'when signed in' do

  45.       before do

  46.         sign_in user, scope: :user

  47.       end

  48. 

  49.       describe 'when user requires otp for login already' do

  50.         it 'redirects to show page' do

  51.           user.update(otp_required_for_login: true)

  52.           post :create

  53. 

  54.           expect(response).to redirect_to(settings_two_factor_authentication_path)

  55.         end

  56.       end

  57. 

  58.       describe 'when creation succeeds' do

  59.         it 'updates user secret' do

  60.           before = user.otp_secret

  61.           post :create

  62. 

  63.           expect(user.reload.otp_secret).not_to eq(before)

  64.           expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)

  65.         end

  66.       end

  67.     end

  68. 

  69.     context 'when not signed in' do

  70.       it 'redirects' do

  71.         get :show

  72.         expect(response).to redirect_to '/auth/sign_in'

  73.       end

  74.     end

  75.   end

  76. 

  77.   describe 'POST #destroy' do

  78.     before do

  79.       user.update(otp_required_for_login: true)

  80.     end

  81. 

  82.     context 'when signed in' do

  83.       before do

  84.         sign_in user, scope: :user

  85.       end

  86. 

  87.       it 'turns off otp requirement with correct code' do

  88.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|

  89.           expect(value).to eq user

  90.           expect(arg).to eq '123456'

  91.           true

  92.         end

  93. 

  94.         post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }

  95. 

  96.         expect(response).to redirect_to(settings_two_factor_authentication_path)

  97.         user.reload

  98.         expect(user.otp_required_for_login).to eq(false)

  99.       end

  100. 

  101.       it 'does not turn off otp if code is incorrect' do

  102.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|

  103.           expect(value).to eq user

  104.           expect(arg).to eq '057772'

  105.           false

  106.         end

  107. 

  108.         post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }

  109. 

  110.         user.reload

  111.         expect(user.otp_required_for_login).to eq(true)

  112.       end

  113. 

  114.       it 'raises ActionController::ParameterMissing if code is missing' do

  115.         expect { post :destroy }.to raise_error(ActionController::ParameterMissing)

  116.       end

  117.     end

  118. 

  119.     it 'redirects if not signed in' do

  120.       get :show

  121.       expect(response).to redirect_to '/auth/sign_in'

  122.     end

  123.   end

  124. end