97 lines
2.9 KiB
Ruby
97 lines
2.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe TwoFactor::DestroyService, feature_category: :system_access do
|
|
let_it_be(:current_user) { create(:user) }
|
|
|
|
subject { described_class.new(current_user, user: user).execute }
|
|
|
|
context 'disabling two-factor authentication' do
|
|
shared_examples_for 'does not send notification email' do
|
|
context 'notification', :mailer do
|
|
it 'does not send a notification' do
|
|
perform_enqueued_jobs do
|
|
subject
|
|
end
|
|
|
|
should_not_email(user)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when the user does not have two-factor authentication enabled' do
|
|
let(:user) { current_user }
|
|
|
|
it 'returns error' do
|
|
expect(subject).to eq(
|
|
{
|
|
status: :error,
|
|
message: 'Two-factor authentication is not enabled for this user'
|
|
}
|
|
)
|
|
end
|
|
|
|
it_behaves_like 'does not send notification email'
|
|
end
|
|
|
|
context 'when the user has two-factor authentication enabled' do
|
|
context 'when the executor is not authorized to disable two-factor authentication' do
|
|
context 'disabling the two-factor authentication of another user' do
|
|
let(:user) { create(:user, :two_factor) }
|
|
|
|
it 'returns error' do
|
|
expect(subject).to eq(
|
|
{
|
|
status: :error,
|
|
message: 'You are not authorized to perform this action'
|
|
}
|
|
)
|
|
end
|
|
|
|
it 'does not disable two-factor authentication' do
|
|
expect { subject }.not_to change { user.reload.two_factor_enabled? }.from(true)
|
|
end
|
|
|
|
it_behaves_like 'does not send notification email'
|
|
end
|
|
end
|
|
|
|
context 'when the executor is authorized to disable two-factor authentication' do
|
|
shared_examples_for 'disables two-factor authentication' do
|
|
it 'returns success' do
|
|
expect(subject).to eq({ status: :success })
|
|
end
|
|
|
|
it 'disables the two-factor authentication of the user' do
|
|
expect { subject }.to change { user.reload.two_factor_enabled? }.from(true).to(false)
|
|
end
|
|
|
|
context 'notification', :mailer do
|
|
it 'sends a notification' do
|
|
perform_enqueued_jobs do
|
|
subject
|
|
end
|
|
|
|
should_email(user)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'disabling their own two-factor authentication' do
|
|
let(:current_user) { create(:user, :two_factor) }
|
|
let(:user) { current_user }
|
|
|
|
it_behaves_like 'disables two-factor authentication'
|
|
end
|
|
|
|
context 'admin disables the two-factor authentication of another user', :enable_admin_mode do
|
|
let(:current_user) { create(:admin) }
|
|
let(:user) { create(:user, :two_factor) }
|
|
|
|
it_behaves_like 'disables two-factor authentication'
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|