# frozen_string_literal: true
require 'spec_helper'
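# Feature spec for the profile two-factor authentication (2FA) page.
#
# It covers the re-authentication gate on the three sensitive 2FA actions:
# registering an authenticator app, disabling 2FA and regenerating recovery
# codes. Each "requires the current password" example first submits a wrong
# password and checks both that the error alert is shown and that the
# action's success state is NOT reached, then repeats with the real password.
RSpec.describe 'Two factor auths', feature_category: :users do
  include Spec::Support::Helpers::ModalHelpers

  context 'when signed in' do
    let(:invalid_current_pwd_msg) { 'You must provide a valid current password' }

    before do
      sign_in(user)
    end

    context 'when user has two-factor authentication disabled' do
      let_it_be(:user) { create(:user) }

      it 'requires the current password to set up two factor authentication', :js do
        visit profile_two_factor_auth_path

        # Valid OTP, wrong password ('123'): registration must be refused.
        register_2fa(user.current_otp, '123')

        expect(page).to have_selector('.gl-alert-title', text: invalid_current_pwd_msg, count: 1)
        # The alert alone does not prove the action was blocked; also check
        # that the page does not report 2FA as enabled.
        expect(page).not_to have_content('Status: Enabled')

        # Reload before reading the OTP so it is computed from the persisted record.
        register_2fa(user.reload.current_otp, user.password)

        expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')

        click_button 'Copy codes'
        click_link 'Proceed'

        expect(page).to have_content('Status: Enabled')
      end

      # NOTE(review): presumably these users have no local password to
      # re-enter, which is why the form is submitted without one - confirm.
      context 'when user authenticates with an external service' do
        let_it_be(:user) { create(:omniauth_user) }

        it 'does not require the current password to set up two factor authentication', :js do
          visit profile_two_factor_auth_path

          fill_in 'pin_code', with: user.current_otp
          click_button 'Register with two-factor app'

          expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')

          click_button 'Copy codes'
          click_link 'Proceed'

          expect(page).to have_content('Status: Enabled')
        end
      end

      context 'when invalid pin is provided' do
        let_it_be(:user) { create(:omniauth_user) }

        it 'renders a error alert with a link to the troubleshooting section' do
          visit profile_two_factor_auth_path

          # '123' is used as a PIN that does not match the user's current OTP.
          fill_in 'pin_code', with: '123'
          click_button 'Register with two-factor app'

          expect(page).to have_link(
            'Try the troubleshooting steps here.',
            href: help_page_path('user/profile/account/two_factor_authentication.md', anchor: 'troubleshooting')
          )
        end
      end
    end

    context 'when user has two-factor authentication enabled' do
      let_it_be(:user) { create(:user, :two_factor) }

      it 'requires the current_password to disable two-factor authentication', :js do
        visit profile_two_factor_auth_path

        # Wrong password ('123'): disabling must be refused.
        fill_in 'current_password', with: '123'
        click_button 'Disable two-factor authentication'

        within_modal do
          click_button 'Disable'
        end

        expect(page).to have_selector('.gl-alert-title', text: invalid_current_pwd_msg, count: 1)
        # A rejected request must not also report success.
        expect(page).not_to have_content('Two-factor authentication has been disabled successfully!')

        fill_in 'current_password', with: user.password
        click_button 'Disable two-factor authentication'

        within_modal do
          click_button 'Disable'
        end

        expect(page).to have_content('Two-factor authentication has been disabled successfully!')
        expect(page).to have_content('Enable two-factor authentication')
      end

      it 'requires the current_password to regenerate recovery codes', :js do
        visit profile_two_factor_auth_path

        # Wrong password ('123'): regeneration must be refused.
        fill_in 'current_password', with: '123'
        click_button 'Regenerate recovery codes'

        expect(page).to have_selector('.gl-alert-title', text: invalid_current_pwd_msg, count: 1)
        # Without this check the example would still pass if the codes page
        # were rendered despite the wrong password, because the retry below
        # succeeds either way.
        expect(page).not_to have_content('Please copy, download, or print your recovery codes before proceeding.')

        fill_in 'current_password', with: user.password
        click_button 'Regenerate recovery codes'

        expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
      end

      # NOTE(review): presumably these users have no local password to
      # re-enter, which is why no current_password is filled in - confirm.
      context 'when user authenticates with an external service' do
        let_it_be(:user) { create(:omniauth_user, :two_factor) }

        it 'does not require the current_password to disable two-factor authentication', :js do
          visit profile_two_factor_auth_path

          click_button 'Disable two-factor authentication'

          within_modal do
            click_button 'Disable'
          end

          expect(page).to have_content('Two-factor authentication has been disabled successfully!')
          expect(page).to have_content('Enable two-factor authentication')
        end

        it 'does not require the current_password to regenerate recovery codes', :js do
          visit profile_two_factor_auth_path

          click_button 'Regenerate recovery codes'

          expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
        end
      end
    end

    # Fills in the 2FA registration form and submits it.
    #
    # @param pin [String] value typed into the 'pin_code' field
    # @param password [String] value typed into the 'current_password' field
    def register_2fa(pin, password)
      fill_in 'pin_code', with: pin
      fill_in 'current_password', with: password
      click_button 'Register with two-factor app'
    end
  end
end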