Add sign in tests

2020-12-25 02:07:37 +01:00 · 2020-12-25 02:07:37 +01:00 · 9558fbf9fe
parent b5b9afc657
commit 9558fbf9fe
2 changed files with 52 additions and 1 deletions
--- a/db/schema.rb
+++ b/db/schema.rb
@ -280,7 +280,7 @@ ActiveRecord::Schema.define(version: 2020_11_01_155648) do
    t.boolean "export_processing", default: false, null: false
    t.datetime "export_created_at"
    t.string "otp_secret_key"
-    t.integer "otp_module"
+    t.integer "otp_module", default: 0, null: false
    t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
--- a/spec/controllers/user/sessions_controller_spec.rb
+++ b/spec/controllers/user/sessions_controller_spec.rb
@ -21,5 +21,56 @@ describe User::SessionsController do

      expect(subject).to have_rendered('auth/two_factor_authentication')
    end
+
+    context "2fa sign in attempt" do
+      subject do
+        post :create,
+             params: { user: { otp_attempt: code_input } },
+             session: { user_sign_in_uid: user.id }
+      end
+
+      before do
+        user.otp_module = :enabled
+        user.save
+      end
+
+      context "incorrect code" do
+        let(:code_input) { 123456 }
+
+        it "redirects to the sign in page" do
+          expect(subject).to redirect_to :new_user_session
+        end
+      end
+
+      context "correct code" do
+        let(:code_input) { user.otp_code }
+
+        it "redirects to the timeline" do
+          expect(subject).to redirect_to :root
+        end
+      end
+
+      context "correct recovery code" do
+        let(:code_input) { 'raccoons' }
+
+        before do
+          user.totp_recovery_codes << TotpRecoveryCode.create(code: 'raccoons')
+        end
+
+        it "consumes the recovery code" do
+          expect { subject }.to change { user.totp_recovery_codes.count }.by(-1)
+          expect(response).to redirect_to :root
+        end
+      end
+
+      context "incorrect recovery code" do
+        let(:code_input) { 'abcdefgh' }
+
+        it "redirects to the sign in page" do
+          expect(subject).to redirect_to :new_user_session
+          expect(flash[:error]).to eq I18n.t('views.auth.2fa.errors.invalid_code')
+        end
+      end
+    end
  end
 end