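# frozen_string_literal: true

require "rails_helper"

# Controller spec for User::SessionsController#create.
#
# Covers three parts of the sign-in flow:
# * password login, with and without 2FA enabled on the account,
# * the second step, where a TOTP code or a recovery code is submitted,
# * sign-in attempts by permanently and temporarily banned users.
describe User::SessionsController do
  before do
    # Required for devise to register routes
    @request.env["devise.mapping"] = Devise.mappings[:user]
  end

  describe "#create" do
    let(:user) { FactoryBot.create(:user, password: "/bin/animals64") }

    # Default request: the password step, using the factory user's credentials.
    subject { post :create, params: { user: { login: user.email, password: user.password } } }

    it "logs in users without 2FA enabled without any further input" do
      expect(subject).to redirect_to :root
    end

    it "prompts users with 2FA enabled to enter a code" do
      user.otp_module = :enabled
      # save! rather than save: if enabling 2FA fails, the example must error
      # out instead of silently exercising the non-2FA path.
      user.save!

      expect(subject).to have_rendered("auth/two_factor_authentication")
    end

    context "2fa sign in attempt" do
      # Second step only: no login or password is sent, the pending user is
      # identified by the session key.
      # NOTE(review): presumably the password step is what stores
      # user_sign_in_uid in the session; confirm against the controller.
      subject do
        post :create,
             params: { user: { otp_attempt: code_input } },
             session: { user_sign_in_uid: user.id }
      end

      before do
        user.otp_module = :enabled
        # Fail loudly if the 2FA precondition cannot be persisted.
        user.save!
      end

      context "incorrect code" do
        # NOTE(review): a fixed value can coincide with the live TOTP code on
        # a rare run, and this example does not assert flash[:error] the way
        # the "incorrect recovery code" example does.
        let(:code_input) { 123456 }

        it "redirects to the sign in page" do
          expect(subject).to redirect_to :new_user_session
        end
      end

      context "correct code" do
        let(:code_input) { user.otp_code }

        it "redirects to the timeline" do
          expect(subject).to redirect_to :root
        end
      end

      context "correct recovery code" do
        let(:code_input) { "raccoons" }

        before do
          user.totp_recovery_codes << TotpRecoveryCode.create(code: "raccoons")
        end

        it "consumes the recovery code" do
          # The count must drop by one: a recovery code is single-use.
          expect { subject }.to change { user.totp_recovery_codes.count }.by(-1)
          expect(response).to redirect_to :root
        end
      end

      context "incorrect recovery code" do
        let(:code_input) { "abcdefgh" }

        it "redirects to the sign in page" do
          expect(subject).to redirect_to :new_user_session
          expect(flash[:error]).to eq I18n.t("errors.invalid_otp")
        end
      end
    end

    context "permanently banned user sign in attempt" do
      before do
        # nil expiry: the ban has no end date.
        user.ban(nil, "Do not feed the animals")
      end

      it "redirects to the sign in page" do
        expect(subject).to redirect_to :new_user_session
        expect(flash[:notice]).to eq "#{I18n.t('user.sessions.create.banned', name: user.screen_name)}\n#{I18n.t('user.sessions.create.reason', reason: 'Do not feed the animals')}\n#{I18n.t('user.sessions.create.permanent')}"
      end
    end

    context "temporarily banned user sign in attempt" do
      let(:expiry) { DateTime.now.utc + 3.hours }

      before do
        user.ban(expiry, "Do not feed the animals")
      end

      it "redirects to the sign in page" do
        expect(subject).to redirect_to :new_user_session
        expect(flash[:notice]).to eq I18n.t("user.sessions.create.banned", name: user.screen_name) +
          "\n#{I18n.t('user.sessions.create.reason', reason: 'Do not feed the animals')}" \
          "\n#{I18n.t('user.sessions.create.until', time: expiry)}"
      end
    end
  end
end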