Sākums Izpētīt Palīdzība
Pierakstīties
RISCI_ATOM
/
mastodon
spogulis no https://github.com/tootsuite/mastodon.git
1
0
Atdalīts 0
Faili Problēmas 8 Vikivietne
Koks: de59e7e6a0
Atzari Tagi
mastodon
/
spec
/
controllers
/
settings
/
two_factor_authentications_controller_spec.rb

two_factor_authentications_controller_spec.rb 3.2 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. describe Settings::TwoFactorAuthenticationsController do
    6. 

  6.   render_views
    7. 

  7. 

  8.   let(:user) { Fabricate(:user) }
    9. 

  9. 

  10.   describe 'GET #show' do
    11. 

  11.     context 'when signed in' do
    12. 

  12.       before do
    13. 

  13.         sign_in user, scope: :user
    14. 

  14.       end
    15. 

  15. 

  16.       describe 'when user requires otp for login already' do
    17. 

  17.         it 'returns http success' do
    18. 

  18.           user.update(otp_required_for_login: true)
    19. 

  19.           get :show
    20. 

  20. 

  21.           expect(response).to have_http_status(200)
    22. 

  22.         end
    23. 

  23.       end
    24. 

  24. 

  25.       describe 'when user does not require otp for login' do
    26. 

  26.         it 'returns http success' do
    27. 

  27.           user.update(otp_required_for_login: false)
    28. 

  28.           get :show
    29. 

  29. 

  30.           expect(response).to have_http_status(200)
    31. 

  31.         end
    32. 

  32.       end
    33. 

  33.     end
    34. 

  34. 

  35.     context 'when not signed in' do
    36. 

  36.       it 'redirects' do
    37. 

  37.         get :show
    38. 

  38.         expect(response).to redirect_to '/auth/sign_in'
    39. 

  39.       end
    40. 

  40.     end
    41. 

  41.   end
    42. 

  42. 

  43.   describe 'POST #create' do
    44. 

  44.     context 'when signed in' do
    45. 

  45.       before do
    46. 

  46.         sign_in user, scope: :user
    47. 

  47.       end
    48. 

  48. 

  49.       describe 'when user requires otp for login already' do
    50. 

  50.         it 'redirects to show page' do
    51. 

  51.           user.update(otp_required_for_login: true)
    52. 

  52.           post :create
    53. 

  53. 

  54.           expect(response).to redirect_to(settings_two_factor_authentication_path)
    55. 

  55.         end
    56. 

  56.       end
    57. 

  57. 

  58.       describe 'when creation succeeds' do
    59. 

  59.         it 'updates user secret' do
    60. 

  60.           before = user.otp_secret
    61. 

  61.           post :create, session: { challenge_passed_at: Time.now.utc }
    62. 

  62. 

  63.           expect(user.reload.otp_secret).not_to eq(before)
    64. 

  64.           expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)
    65. 

  65.         end
    66. 

  66.       end
    67. 

  67.     end
    68. 

  68. 

  69.     context 'when not signed in' do
    70. 

  70.       it 'redirects' do
    71. 

  71.         get :show
    72. 

  72.         expect(response).to redirect_to '/auth/sign_in'
    73. 

  73.       end
    74. 

  74.     end
    75. 

  75.   end
    76. 

  76. 

  77.   describe 'POST #destroy' do
    78. 

  78.     before do
    79. 

  79.       user.update(otp_required_for_login: true)
    80. 

  80.     end
    81. 

  81. 

  82.     context 'when signed in' do
    83. 

  83.       before do
    84. 

  84.         sign_in user, scope: :user
    85. 

  85.       end
    86. 

  86. 

  87.       it 'turns off otp requirement with correct code' do
    88. 

  88.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
    89. 

  89.           expect(value).to eq user
    90. 

  90.           expect(arg).to eq '123456'
    91. 

  91.           true
    92. 

  92.         end
    93. 

  93. 

  94.         post :destroy, params: { form_two_factor_confirmation: { otp_attempt: '123456' } }
    95. 

  95. 

  96.         expect(response).to redirect_to(settings_two_factor_authentication_path)
    97. 

  97.         user.reload
    98. 

  98.         expect(user.otp_required_for_login).to eq(false)
    99. 

  99.       end
    100. 

  100. 

  101.       it 'does not turn off otp if code is incorrect' do
    102. 

  102.         expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
    103. 

  103.           expect(value).to eq user
    104. 

  104.           expect(arg).to eq '057772'
    105. 

  105.           false
    106. 

  106.         end
    107. 

  107. 

  108.         post :destroy, params: { form_two_factor_confirmation: { otp_attempt: '057772' } }
    109. 

  109. 

  110.         user.reload
    111. 

  111.         expect(user.otp_required_for_login).to eq(true)
    112. 

  112.       end
    113. 

  113. 

  114.       it 'raises ActionController::ParameterMissing if code is missing' do
    115. 

  115.         post :destroy
    116. 

  116.         expect(response).to have_http_status(400)
    117. 

  117.       end
    118. 

  118.     end
    119. 

  119. 

  120.     it 'redirects if not signed in' do
    121. 

  121.       get :show
    122. 

  122.       expect(response).to redirect_to '/auth/sign_in'
    123. 

  123.     end
    124. 

  124.   end
    125. 

  125. end
    126.