From 62dc303d3c38e37f4f869b240d7014adc8d2d9c4 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Thu, 13 Feb 2025 03:02:01 -0500
Subject: [PATCH] Convert `settings/two_factor_authentication/recovery_codes` spec controller->system/request (#33912)
---
.../recovery_codes_controller_spec.rb | 30 ---------------
.../recovery_codes_spec.rb | 16 ++++++++
.../recovery_codes_spec.rb | 37 +++++++++++++++++++
3 files changed, 53 insertions(+), 30 deletions(-)
delete mode 100644 spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb
create mode 100644 spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb
create mode 100644 spec/system/settings/two_factor_authentication/recovery_codes_spec.rb
diff --git a/spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb
deleted file mode 100644
index 0defc52cde..0000000000
--- a/spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Settings::TwoFactorAuthentication::RecoveryCodesController do
- render_views
-
- describe 'POST #create' do
- it 'updates the codes and shows them on a view when signed in' do
- user = Fabricate(:user)
- otp_backup_codes = user.generate_otp_backup_codes!
- allow(user).to receive(:generate_otp_backup_codes!).and_return(otp_backup_codes)
- allow(controller).to receive(:current_user).and_return(user)
-
- sign_in user, scope: :user
- post :create, session: { challenge_passed_at: Time.now.utc }
-
- expect(flash[:notice]).to eq 'Recovery codes successfully regenerated'
- expect(response).to have_http_status(200)
- expect(response).to render_template(:index)
- expect(response.body)
- .to include(*otp_backup_codes)
- end
-
- it 'redirects when not signed in' do
- post :create
- expect(response).to redirect_to '/auth/sign_in'
- end
- end
-end
diff --git a/spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb b/spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb
new file mode 100644
index 0000000000..30cbfc2a7b
--- /dev/null
+++ b/spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings TwoFactorAuthentication RecoveryCodes' do
+ describe 'POST /settings/two_factor_authentication/recovery_codes' do
+ context 'when signed out' do
+ it 'redirects to sign in page' do
+ post settings_two_factor_authentication_recovery_codes_path
+
+ expect(response)
+ .to redirect_to(new_user_session_path)
+ end
+ end
+ end
+end
diff --git a/spec/system/settings/two_factor_authentication/recovery_codes_spec.rb b/spec/system/settings/two_factor_authentication/recovery_codes_spec.rb
new file mode 100644
index 0000000000..ba8491429c
--- /dev/null
+++ b/spec/system/settings/two_factor_authentication/recovery_codes_spec.rb
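Review bot: The new request spec (spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb) only pins the signed-out redirect; nothing in this commit exercises a signed-in POST that has not passed the password challenge. The removed controller spec had to set `session: { challenge_passed_at: Time.now.utc }` and the new system spec fills in the challenge form, so the endpoint presumably gates regeneration on that challenge, but the gate itself is untested. A `context 'when signed in without a passed challenge'` with `expect { post settings_two_factor_authentication_recovery_codes_path }.not_to(change { user.reload.otp_backup_codes })` would catch a regression that lets a hijacked session rotate a user's recovery codes without re-entering the password.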
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings TwoFactorAuthentication RecoveryCodes' do
+ describe 'Generating recovery codes' do
+ let(:user) { Fabricate :user, otp_required_for_login: true }
+ let(:backup_code) { +'147e7284c95bd260b91ed17820860019' }
+
+ before do
+ stub_code_generator
+ sign_in(user)
+ end
+
+ it 'updates the codes and includes them in the view' do
+ # Attempt to generate codes
+ visit settings_two_factor_authentication_methods_path
+ click_on I18n.t('two_factor_authentication.generate_recovery_codes')
+
+ # Fill in challenge password
+ fill_in 'form_challenge_current_password', with: user.password
+
+ expect { click_on I18n.t('challenge.confirm') }
+ .to(change { user.reload.otp_backup_codes })
+
+ expect(page)
+ .to have_content(I18n.t('two_factor_authentication.recovery_codes_regenerated'))
+ .and have_title(I18n.t('settings.two_factor_authentication'))
+ .and have_css('ol.recovery-codes')
+ .and have_content(backup_code)
+ end
+
+ def stub_code_generator
+ allow(SecureRandom).to receive(:hex).and_return(backup_code)
+ end
+ end
+end
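Review bot: `stub_code_generator` replaces `SecureRandom.hex` for every caller while the example runs, not just the recovery-code generator, so any other token produced during the sign-in and challenge flow gets the same fixed string. Presumably every code in the regenerated list is then identical, and `have_content(backup_code)` is satisfied by a single occurrence, so the example would not notice a change in how many distinct codes are rendered. At minimum the helper deserves a comment such as `# Stubs SecureRandom.hex process-wide so the rendered code is predictable; all generated codes will be identical`. If the generator's call is known, narrowing the stub with `.with(<length the generator passes>)` and a default `allow(SecureRandom).to receive(:hex).and_call_original` would keep other callers on real randomness. The spec also never checks the wrong-password path of the challenge; a second example asserting that `user.reload.otp_backup_codes` does not change after a failed challenge would cover it.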