105 lines
2.9 KiB
Ruby
105 lines
2.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe RequireEmailVerification, feature_category: :insider_threat do
|
|
let_it_be(:model) do
|
|
Class.new(ApplicationRecord) do
|
|
self.table_name = 'users'
|
|
|
|
devise :lockable
|
|
|
|
include RequireEmailVerification
|
|
end
|
|
end
|
|
|
|
using RSpec::Parameterized::TableSyntax
|
|
|
|
where(feature_flag_enabled: [true, false],
|
|
two_factor_enabled: [true, false],
|
|
oauth_user: [true, false],
|
|
skipped: [true, false])
|
|
|
|
with_them do
|
|
let(:instance) { model.new(id: 1) }
|
|
let(:another_instance) { model.new(id: 2) }
|
|
let(:overridden) { feature_flag_enabled && !two_factor_enabled && !oauth_user && !skipped }
|
|
|
|
before do
|
|
stub_feature_flags(require_email_verification: feature_flag_enabled ? instance : another_instance)
|
|
allow(instance).to receive(:two_factor_enabled?).and_return(two_factor_enabled)
|
|
allow(instance).to receive(:identities).and_return(oauth_user ? [:google] : [])
|
|
stub_feature_flags(skip_require_email_verification: skipped ? instance : another_instance)
|
|
end
|
|
|
|
describe '#lock_access!' do
|
|
subject { instance.lock_access! }
|
|
|
|
before do
|
|
allow(instance).to receive(:save)
|
|
end
|
|
|
|
it 'sends Devise unlock instructions unless overridden and always sets locked_at' do
|
|
expect(instance).to receive(:send_unlock_instructions).exactly(overridden ? 0 : 1).times
|
|
|
|
expect { subject }.to change { instance.locked_at }.from(nil)
|
|
end
|
|
end
|
|
|
|
describe '#attempts_exceeded?' do
|
|
subject { instance.send(:attempts_exceeded?) }
|
|
|
|
context 'when failed_attempts is LT overridden amount' do
|
|
before do
|
|
instance.failed_attempts = 5
|
|
end
|
|
|
|
it { is_expected.to eq(false) }
|
|
end
|
|
|
|
context 'when failed_attempts is GTE overridden amount but LT Devise default amount' do
|
|
before do
|
|
instance.failed_attempts = 6
|
|
end
|
|
|
|
it { is_expected.to eq(overridden) }
|
|
end
|
|
|
|
context 'when failed_attempts is GTE Devise default amount' do
|
|
before do
|
|
instance.failed_attempts = 10
|
|
end
|
|
|
|
it { is_expected.to eq(true) }
|
|
end
|
|
end
|
|
|
|
describe '#lock_expired?' do
|
|
subject { instance.send(:lock_expired?) }
|
|
|
|
context 'when locked shorter ago than Devise default time' do
|
|
before do
|
|
instance.locked_at = 9.minutes.ago
|
|
end
|
|
|
|
it { is_expected.to eq(false) }
|
|
end
|
|
|
|
context 'when locked longer ago than Devise default time but shorter ago than overriden time' do
|
|
before do
|
|
instance.locked_at = 11.minutes.ago
|
|
end
|
|
|
|
it { is_expected.to eq(!overridden) }
|
|
end
|
|
|
|
context 'when locked longer ago than overriden time' do
|
|
before do
|
|
instance.locked_at = (24.hours + 1.minute).ago
|
|
end
|
|
|
|
it { is_expected.to eq(true) }
|
|
end
|
|
end
|
|
end
|
|
end
|