debian-mirror-gitlab/spec/models/u2f_registration_spec.rb

142 lines
4.2 KiB
Ruby
Raw Normal View History

2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe U2fRegistration do
let_it_be(:user) { create(:user) }
2021-09-30 23:02:18 +05:30
2021-12-11 22:18:48 +05:30
let(:u2f_registration_name) { 'u2f_device' }
2022-08-27 11:52:29 +05:30
let(:app_id) { FFaker::BaconIpsum.characters(5) }
let(:device) { U2F::FakeU2F.new(app_id) }
2021-12-11 22:18:48 +05:30
2022-08-27 11:52:29 +05:30
describe '.authenticate' do
context 'when registration is found' do
it 'returns true' do
create_u2f_registration
device_challenge = U2F.urlsafe_encode64(SecureRandom.random_bytes(32))
sign_response_json = device.sign_response(device_challenge)
response = U2fRegistration.authenticate(
user,
app_id,
sign_response_json,
device_challenge
)
expect(response).to eq true
end
end
context 'when registration not found' do
it 'returns nil' do
device_challenge = U2F.urlsafe_encode64(SecureRandom.random_bytes(32))
sign_response_json = device.sign_response(device_challenge)
# data is valid but user does not have any u2f_registrations
response = U2fRegistration.authenticate(
user,
app_id,
sign_response_json,
device_challenge
)
expect(response).to eq nil
end
end
context 'when args passed in are invalid' do
it 'returns false' do
some_app_id = 123
invalid_json = 'invalid JSON'
challenges = 'whatever'
response = U2fRegistration.authenticate(
user,
some_app_id,
invalid_json,
challenges
)
expect(response).to eq false
end
end
2021-03-11 19:13:27 +05:30
end
describe 'callbacks' do
2022-08-27 11:52:29 +05:30
describe 'after create' do
2021-12-11 22:18:48 +05:30
shared_examples_for 'creates webauthn registration' do
it 'creates webauthn registration' do
2022-08-27 11:52:29 +05:30
u2f_registration = create_u2f_registration
webauthn_registration = WebauthnRegistration.where(u2f_registration_id: u2f_registration.id)
2021-12-11 22:18:48 +05:30
expect(webauthn_registration).to exist
end
end
it_behaves_like 'creates webauthn registration'
context 'when the u2f_registration has a blank name' do
let(:u2f_registration_name) { '' }
it_behaves_like 'creates webauthn registration'
end
context 'when the u2f_registration has the name as `nil`' do
let(:u2f_registration_name) { nil }
2021-03-11 19:13:27 +05:30
2021-12-11 22:18:48 +05:30
it_behaves_like 'creates webauthn registration'
2021-03-11 19:13:27 +05:30
end
it 'logs error' do
allow(Gitlab::Auth::U2fWebauthnConverter).to receive(:new).and_raise('boom!')
2022-01-26 12:08:38 +05:30
allow_next_instance_of(U2fRegistration) do |u2f_registration|
allow(u2f_registration).to receive(:id).and_return(123)
end
expect(Gitlab::ErrorTracking).to(
receive(:track_exception).with(kind_of(StandardError),
u2f_registration_id: 123))
2022-08-27 11:52:29 +05:30
create_u2f_registration
2021-03-11 19:13:27 +05:30
end
end
2022-08-27 11:52:29 +05:30
describe 'after update' do
context 'when counter is updated' do
it 'updates the webauthn registration counter to be the same value' do
u2f_registration = create_u2f_registration
new_counter = u2f_registration.counter + 1
webauthn_registration = WebauthnRegistration.find_by(u2f_registration_id: u2f_registration.id)
u2f_registration.update!(counter: new_counter)
expect(u2f_registration.reload.counter).to eq(new_counter)
expect(webauthn_registration.reload.counter).to eq(new_counter)
end
end
context 'when sign count of registration is not updated' do
it 'does not update the counter' do
u2f_registration = create_u2f_registration
webauthn_registration = WebauthnRegistration.find_by(u2f_registration_id: u2f_registration.id)
expect do
u2f_registration.update!(name: 'a new name')
end.not_to change { webauthn_registration.counter }
end
end
end
end
def create_u2f_registration
create(
:u2f_registration,
name: u2f_registration_name,
user: user,
certificate: Base64.strict_encode64(device.cert_raw),
key_handle: U2F.urlsafe_encode64(device.key_handle_raw),
public_key: Base64.strict_encode64(device.origin_public_key_raw)
)
2021-03-11 19:13:27 +05:30
end
end