debian-mirror-gitlab/spec/controllers/profiles/two_factor_auths_controller_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Profiles::TwoFactorAuthsController do
  before do
    # `user` should be defined within the action-specific describe blocks
    sign_in(user)

    allow(subject).to receive(:current_user).and_return(user)
  end

  describe 'GET show' do
    let(:user) { create(:user) }

    it 'generates otp_secret for user' do
      expect(User).to receive(:generate_otp_secret).with(32).and_call_original.once

      get :show
    end

    it 'assigns qr_code' do
      code = double('qr code')
      expect(subject).to receive(:build_qr_code).and_return(code)

      get :show
      expect(assigns[:qr_code]).to eq code
    end

    it 'generates a unique otp_secret every time the page is loaded' do
      expect(User).to receive(:generate_otp_secret).with(32).and_call_original.twice

      2.times do
        get :show
      end
    end
  end

  describe 'POST create' do
    let(:user) { create(:user) }
    let(:pin)  { 'pin-code' }

    def go
      post :create, params: { pin_code: pin }
    end

    context 'with valid pin' do
      before do
        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(true)
      end

      it 'enables 2fa for the user' do
        go

        user.reload
        expect(user).to be_two_factor_enabled
      end

      it 'presents plaintext codes for the user to save' do
        expect(user).to receive(:generate_otp_backup_codes!).and_return(%w(a b c))

        go

        expect(assigns[:codes]).to match_array %w(a b c)
      end

      it 'calls to delete other sessions' do
        expect(ActiveSession).to receive(:destroy_all_but_current)

        go
      end

      it 'renders create' do
        go
        expect(response).to render_template(:create)
      end
    end

    context 'with invalid pin' do
      before do
        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(false)
      end

      it 'assigns error' do
        go
        expect(assigns[:error]).to eq _('Invalid pin code')
      end

      it 'assigns qr_code' do
        code = double('qr code')
        expect(subject).to receive(:build_qr_code).and_return(code)

        go
        expect(assigns[:qr_code]).to eq code
      end

      it 'renders show' do
        go
        expect(response).to render_template(:show)
      end
    end
  end

  describe 'POST codes' do
    let(:user) { create(:user, :two_factor) }

    it 'presents plaintext codes for the user to save' do
      expect(user).to receive(:generate_otp_backup_codes!).and_return(%w(a b c))

      post :codes
      expect(assigns[:codes]).to match_array %w(a b c)
    end

    it 'persists the generated codes' do
      post :codes

      user.reload
      expect(user.otp_backup_codes).not_to be_empty
    end
  end

  describe 'DELETE destroy' do
    subject { delete :destroy }

    context 'for a user that has 2FA enabled' do
      let(:user) { create(:user, :two_factor) }

      it 'disables two factor' do
        subject

        expect(user.reload.two_factor_enabled?).to eq(false)
      end

      it 'redirects to profile_account_path' do
        subject

        expect(response).to redirect_to(profile_account_path)
      end

      it 'displays a notice on success' do
        subject

        expect(flash[:notice])
          .to eq _('Two-factor authentication has been disabled successfully!')
      end
    end

    context 'for a user that does not have 2FA enabled' do
      let(:user) { create(:user) }

      it 'redirects to profile_account_path' do
        subject

        expect(response).to redirect_to(profile_account_path)
      end

      it 'displays an alert on failure' do
        subject

        expect(flash[:alert])
          .to eq _('Two-factor authentication is not enabled for this user')
      end
    end
  end
end
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`require 'spec_helper'`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`RSpec.describe Profiles::TwoFactorAuthsController do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`before do`
			# `user` should be defined within the action-specific describe blocks
			`sign_in(user)`

			`allow(subject).to receive(:current_user).and_return(user)`
			`end`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`describe 'GET show' do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`let(:user) { create(:user) }`

			`it 'generates otp_secret for user' do`
New upstream version 13.2.8 2020-09-03 11:15:55 +05:30			`expect(User).to receive(:generate_otp_secret).with(32).and_call_original.once`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`get :show`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`it 'assigns qr_code' do`
			`code = double('qr code')`
			`expect(subject).to receive(:build_qr_code).and_return(code)`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`get :show`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`expect(assigns[:qr_code]).to eq code`
			`end`
New upstream version 13.2.8 2020-09-03 11:15:55 +05:30
			`it 'generates a unique otp_secret every time the page is loaded' do`
			`expect(User).to receive(:generate_otp_secret).with(32).and_call_original.twice`

			`2.times do`
			`get :show`
			`end`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`describe 'POST create' do`
			`let(:user) { create(:user) }`
			`let(:pin) { 'pin-code' }`

			`def go`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`post :create, params: { pin_code: pin }`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`context 'with valid pin' do`
			`before do`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(true)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`it 'enables 2fa for the user' do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`go`

			`user.reload`
			`expect(user).to be_two_factor_enabled`
			`end`

			`it 'presents plaintext codes for the user to save' do`
			`expect(user).to receive(:generate_otp_backup_codes!).and_return(%w(a b c))`

			`go`

			`expect(assigns[:codes]).to match_array %w(a b c)`
			`end`

New upstream version 13.2.8 2020-09-03 11:15:55 +05:30			`it 'calls to delete other sessions' do`
			`expect(ActiveSession).to receive(:destroy_all_but_current)`

			`go`
			`end`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`it 'renders create' do`
			`go`
			`expect(response).to render_template(:create)`
			`end`
			`end`

			`context 'with invalid pin' do`
			`before do`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(false)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`it 'assigns error' do`
			`go`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`expect(assigns[:error]).to eq _('Invalid pin code')`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

			`it 'assigns qr_code' do`
			`code = double('qr code')`
			`expect(subject).to receive(:build_qr_code).and_return(code)`

			`go`
			`expect(assigns[:qr_code]).to eq code`
			`end`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`it 'renders show' do`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`go`
Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`expect(response).to render_template(:show)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
			`end`
			`end`

			`describe 'POST codes' do`
			`let(:user) { create(:user, :two_factor) }`

			`it 'presents plaintext codes for the user to save' do`
			`expect(user).to receive(:generate_otp_backup_codes!).and_return(%w(a b c))`

			`post :codes`
			`expect(assigns[:codes]).to match_array %w(a b c)`
			`end`

			`it 'persists the generated codes' do`
			`post :codes`

			`user.reload`
			`expect(user.otp_backup_codes).not_to be_empty`
			`end`
			`end`

			`describe 'DELETE destroy' do`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`subject { delete :destroy }`

			`context 'for a user that has 2FA enabled' do`
			`let(:user) { create(:user, :two_factor) }`

			`it 'disables two factor' do`
			`subject`

			`expect(user.reload.two_factor_enabled?).to eq(false)`
			`end`

			`it 'redirects to profile_account_path' do`
			`subject`

			`expect(response).to redirect_to(profile_account_path)`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`it 'displays a notice on success' do`
			`subject`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`expect(flash[:notice])`
			`.to eq _('Two-factor authentication has been disabled successfully!')`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`context 'for a user that does not have 2FA enabled' do`
			`let(:user) { create(:user) }`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`it 'redirects to profile_account_path' do`
			`subject`

			`expect(response).to redirect_to(profile_account_path)`
			`end`

			`it 'displays an alert on failure' do`
			`subject`

			`expect(flash[:alert])`
			`.to eq _('Two-factor authentication is not enabled for this user')`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
			`end`
			`end`