|
|
@ -6,47 +6,70 @@ describe Settings::TwoFactorAuthenticationsController do |
|
|
|
render_views |
|
|
|
render_views |
|
|
|
|
|
|
|
|
|
|
|
let(:user) { Fabricate(:user) } |
|
|
|
let(:user) { Fabricate(:user) } |
|
|
|
before do |
|
|
|
|
|
|
|
sign_in user, scope: :user |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
describe 'GET #show' do |
|
|
|
describe 'GET #show' do |
|
|
|
describe 'when user requires otp for login already' do |
|
|
|
context 'when signed in' do |
|
|
|
it 'returns http success' do |
|
|
|
before do |
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
sign_in user, scope: :user |
|
|
|
get :show |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success) |
|
|
|
describe 'when user requires otp for login already' do |
|
|
|
|
|
|
|
it 'returns http success' do |
|
|
|
|
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
|
|
|
|
get :show |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success) |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
describe 'when user does not require otp for login' do |
|
|
|
|
|
|
|
it 'returns http success' do |
|
|
|
|
|
|
|
user.update(otp_required_for_login: false) |
|
|
|
|
|
|
|
get :show |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success) |
|
|
|
|
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
describe 'when user does not require otp for login' do |
|
|
|
context 'when not signed in' do |
|
|
|
it 'returns http success' do |
|
|
|
it 'redirects' do |
|
|
|
user.update(otp_required_for_login: false) |
|
|
|
|
|
|
|
get :show |
|
|
|
get :show |
|
|
|
|
|
|
|
expect(response).to redirect_to '/auth/sign_in' |
|
|
|
expect(response).to have_http_status(:success) |
|
|
|
|
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
describe 'POST #create' do |
|
|
|
describe 'POST #create' do |
|
|
|
describe 'when user requires otp for login already' do |
|
|
|
context 'when signed in' do |
|
|
|
it 'redirects to show page' do |
|
|
|
before do |
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
sign_in user, scope: :user |
|
|
|
post :create |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
expect(response).to redirect_to(settings_two_factor_authentication_path) |
|
|
|
describe 'when user requires otp for login already' do |
|
|
|
|
|
|
|
it 'redirects to show page' do |
|
|
|
|
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
|
|
|
|
post :create |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to redirect_to(settings_two_factor_authentication_path) |
|
|
|
|
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
describe 'when creation succeeds' do |
|
|
|
describe 'when creation succeeds' do |
|
|
|
it 'updates user secret' do |
|
|
|
it 'updates user secret' do |
|
|
|
before = user.otp_secret |
|
|
|
before = user.otp_secret |
|
|
|
post :create |
|
|
|
post :create |
|
|
|
|
|
|
|
|
|
|
|
expect(user.reload.otp_secret).not_to eq(before) |
|
|
|
expect(user.reload.otp_secret).not_to eq(before) |
|
|
|
expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path) |
|
|
|
expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path) |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
context 'when not signed in' do |
|
|
|
|
|
|
|
it 'redirects' do |
|
|
|
|
|
|
|
get :show |
|
|
|
|
|
|
|
expect(response).to redirect_to '/auth/sign_in' |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
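Review bot: The 'when not signed in' example inside `describe 'POST #create'` issues `get :show`, so the unauthenticated path of the create action is never exercised; it should send `post :create`. The same slip appears in the second hunk, where 'redirects if not signed in' sits next to the `post :destroy` example (its `describe` line is outside the hunk) but also calls `get :show`. As written, a regression that left only create or destroy reachable without a session would still pass this spec. For create it is also worth capturing `user.otp_secret` before the request and asserting `expect(user.reload.otp_secret).to eq(before)`, so the test shows the secret was not rotated for an anonymous caller.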
@ -55,12 +78,19 @@ describe Settings::TwoFactorAuthenticationsController do |
|
|
|
before do |
|
|
|
before do |
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
user.update(otp_required_for_login: true) |
|
|
|
end |
|
|
|
end |
|
|
|
it 'turns off otp requirement' do |
|
|
|
|
|
|
|
|
|
|
|
it 'turns off otp requirement if signed in' do |
|
|
|
|
|
|
|
sign_in user, scope: :user |
|
|
|
post :destroy |
|
|
|
post :destroy |
|
|
|
|
|
|
|
|
|
|
|
expect(response).to redirect_to(settings_two_factor_authentication_path) |
|
|
|
expect(response).to redirect_to(settings_two_factor_authentication_path) |
|
|
|
user.reload |
|
|
|
user.reload |
|
|
|
expect(user.otp_required_for_login).to eq(false) |
|
|
|
expect(user.otp_required_for_login).to eq(false) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it 'redirects if not signed in' do |
|
|
|
|
|
|
|
get :show |
|
|
|
|
|
|
|
expect(response).to redirect_to '/auth/sign_in' |
|
|
|
|
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
end |
|
|
|
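Review bot: 'redirects if not signed in' asserts only the redirect target, not that the account's 2FA setting survived the request. Since the `before` block at the top of this hunk sets `otp_required_for_login: true`, add `expect(user.reload.otp_required_for_login).to eq(true)` after the redirect expectation. A redirect on its own does not show that the flag was left untouched, which is the property this example is there to protect. The enclosing `describe` starts outside the hunk.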