logo

mastofe

My custom branche(s) on git.pleroma.social/pleroma/mastofe git clone https://hacktivis.me/git/mastofe.git

two_factor_authentications_controller_spec.rb (3271B)

    

  1. # frozen_string_literal: true
  3. require 'rails_helper'
  5. describe Settings::TwoFactorAuthenticationsController do
  6.   render_views
  8.   let(:user) { Fabricate(:user) }
  10.   describe 'GET #show' do
  11.     context 'when signed in' do
  12.       before do
  13.         sign_in user, scope: :user
  14.       end
  16.       describe 'when user requires otp for login already' do
  17.         it 'returns http success' do
  18.           user.update(otp_required_for_login: true)
  19.           get :show
  21.           expect(response).to have_http_status(:success)
  22.         end
  23.       end
  25.       describe 'when user does not require otp for login' do
  26.         it 'returns http success' do
  27.           user.update(otp_required_for_login: false)
  28.           get :show
  30.           expect(response).to have_http_status(:success)
  31.         end
  32.       end
  33.     end
  35.     context 'when not signed in' do
  36.       it 'redirects' do
  37.         get :show
  38.         expect(response).to redirect_to '/auth/sign_in'
  39.       end
  40.     end
  41.   end
  43.   describe 'POST #create' do
  44.     context 'when signed in' do
  45.       before do
  46.         sign_in user, scope: :user
  47.       end
  49.       describe 'when user requires otp for login already' do
  50.         it 'redirects to show page' do
  51.           user.update(otp_required_for_login: true)
  52.           post :create
  54.           expect(response).to redirect_to(settings_two_factor_authentication_path)
  55.         end
  56.       end
  58.       describe 'when creation succeeds' do
  59.         it 'updates user secret' do
  60.           before = user.otp_secret
  61.           post :create
  63.           expect(user.reload.otp_secret).not_to eq(before)
  64.           expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)
  65.         end
  66.       end
  67.     end
  69.     context 'when not signed in' do
  70.       it 'redirects' do
  71.         get :show
  72.         expect(response).to redirect_to '/auth/sign_in'
  73.       end
  74.     end
  75.   end
  77.   describe 'POST #destroy' do
  78.     before do
  79.       user.update(otp_required_for_login: true)
  80.     end
  82.     context 'when signed in' do
  83.       before do
  84.         sign_in user, scope: :user
  85.       end
  87.       it 'turns off otp requirement with correct code' do
  88.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
  89.           expect(value).to eq user
  90.           expect(arg).to eq '123456'
  91.           true
  92.         end
  94.         post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }
  96.         expect(response).to redirect_to(settings_two_factor_authentication_path)
  97.         user.reload
  98.         expect(user.otp_required_for_login).to eq(false)
  99.       end
  101.       it 'does not turn off otp if code is incorrect' do
  102.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
  103.           expect(value).to eq user
  104.           expect(arg).to eq '057772'
  105.           false
  106.         end
  108.         post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }
  110.         user.reload
  111.         expect(user.otp_required_for_login).to eq(true)
  112.       end
  114.       it 'raises ActionController::ParameterMissing if code is missing' do
  115.         expect { post :destroy }.to raise_error(ActionController::ParameterMissing)
  116.       end
  117.     end
  119.     it 'redirects if not signed in' do
  120.       get :show
  121.       expect(response).to redirect_to '/auth/sign_in'
  122.     end
  123.   end
  124. end