suspicious_sign_in_detector_spec.rb 1.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe SuspiciousSignInDetector do
  4. describe '#suspicious?' do
  5. subject { described_class.new(user).suspicious?(request) }
  6. let(:user) { Fabricate(:user, current_sign_in_at: 1.day.ago) }
  7. let(:request) { instance_double(ActionDispatch::Request, remote_ip: remote_ip) }
  8. let(:remote_ip) { nil }
  9. context 'when user has 2FA enabled' do
  10. before do
  11. user.update!(otp_required_for_login: true)
  12. end
  13. it 'returns false' do
  14. expect(subject).to be false
  15. end
  16. end
  17. context 'when exact IP has been used before' do
  18. let(:remote_ip) { '1.1.1.1' }
  19. before do
  20. user.update!(sign_up_ip: remote_ip)
  21. end
  22. it 'returns false' do
  23. expect(subject).to be false
  24. end
  25. end
  26. context 'when similar IP has been used before' do
  27. let(:remote_ip) { '1.1.2.2' }
  28. before do
  29. user.update!(sign_up_ip: '1.1.1.1')
  30. end
  31. it 'returns false' do
  32. expect(subject).to be false
  33. end
  34. end
  35. context 'when IP is completely unfamiliar' do
  36. let(:remote_ip) { '2.2.2.2' }
  37. before do
  38. user.update!(sign_up_ip: '1.1.1.1')
  39. end
  40. it 'returns true' do
  41. expect(subject).to be true
  42. end
  43. end
  44. end
  45. end