From 9558fbf9fe75e9fd5399789fdff73882f26eb2bd Mon Sep 17 00:00:00 2001 From: Dominik Kwiatek Date: Fri, 25 Dec 2020 02:07:37 +0100 Subject: [PATCH] Add sign in tests --- db/schema.rb | 2 +- .../user/sessions_controller_spec.rb | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index a297997d..86012613 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -280,7 +280,7 @@ ActiveRecord::Schema.define(version: 2020_11_01_155648) do t.boolean "export_processing", default: false, null: false t.datetime "export_created_at" t.string "otp_secret_key" - t.integer "otp_module" + t.integer "otp_module", default: 0, null: false t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["email"], name: "index_users_on_email", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true diff --git a/spec/controllers/user/sessions_controller_spec.rb b/spec/controllers/user/sessions_controller_spec.rb index ced9528c..3b3a61d2 100644 --- a/spec/controllers/user/sessions_controller_spec.rb +++ b/spec/controllers/user/sessions_controller_spec.rb @@ -21,5 +21,56 @@ describe User::SessionsController do expect(subject).to have_rendered('auth/two_factor_authentication') end + + context "2fa sign in attempt" do + subject do + post :create, + params: { user: { otp_attempt: code_input } }, + session: { user_sign_in_uid: user.id } + end + + before do + user.otp_module = :enabled + user.save + end + + context "incorrect code" do + let(:code_input) { 123456 } + + it "redirects to the sign in page" do + expect(subject).to redirect_to :new_user_session + end + end + + context "correct code" do + let(:code_input) { user.otp_code } + + it "redirects to the timeline" do + expect(subject).to redirect_to :root + end + end + + context "correct recovery code" do + let(:code_input) { 'raccoons' } + + before do + user.totp_recovery_codes << TotpRecoveryCode.create(code: 'raccoons') + end + + it "consumes the recovery code" do + expect { subject }.to change { user.totp_recovery_codes.count }.by(-1) + expect(response).to redirect_to :root + end + end + + context "incorrect recovery code" do + let(:code_input) { 'abcdefgh' } + + it "redirects to the sign in page" do + expect(subject).to redirect_to :new_user_session + expect(flash[:error]).to eq I18n.t('views.auth.2fa.errors.invalid_code') + end + end + end end end \ No newline at end of file