Convert settings/two_factor_authentication/recovery_codes spec controller->system/request (#33912)

spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Settings::TwoFactorAuthentication::RecoveryCodesController do
-  render_views
-
-  describe 'POST #create' do
-    it 'updates the codes and shows them on a view when signed in' do
-      user = Fabricate(:user)
-      otp_backup_codes = user.generate_otp_backup_codes!
-      allow(user).to receive(:generate_otp_backup_codes!).and_return(otp_backup_codes)
-      allow(controller).to receive(:current_user).and_return(user)
-
-      sign_in user, scope: :user
-      post :create, session: { challenge_passed_at: Time.now.utc }
-
-      expect(flash[:notice]).to eq 'Recovery codes successfully regenerated'
-      expect(response).to have_http_status(200)
-      expect(response).to render_template(:index)
-      expect(response.body)
-        .to include(*otp_backup_codes)
-    end
-
-    it 'redirects when not signed in' do
-      post :create
-      expect(response).to redirect_to '/auth/sign_in'
-    end
-  end
-end

spec/requests/settings/two_factor_authentication/recovery_codes_spec.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings TwoFactorAuthentication RecoveryCodes' do
+  describe 'POST /settings/two_factor_authentication/recovery_codes' do
+    context 'when signed out' do
+      it 'redirects to sign in page' do
+        post settings_two_factor_authentication_recovery_codes_path
+
+        expect(response)
+          .to redirect_to(new_user_session_path)
+      end
+    end
+  end
+end

spec/system/settings/two_factor_authentication/recovery_codes_spec.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings TwoFactorAuthentication RecoveryCodes' do
+  describe 'Generating recovery codes' do
+    let(:user) { Fabricate :user, otp_required_for_login: true }
+    let(:backup_code) { +'147e7284c95bd260b91ed17820860019' }
+
+    before do
+      stub_code_generator
+      sign_in(user)
+    end
+
+    it 'updates the codes and includes them in the view' do
+      # Attempt to generate codes
+      visit settings_two_factor_authentication_methods_path
+      click_on I18n.t('two_factor_authentication.generate_recovery_codes')
+
+      # Fill in challenge password
+      fill_in 'form_challenge_current_password', with: user.password
+
+      expect { click_on I18n.t('challenge.confirm') }
+        .to(change { user.reload.otp_backup_codes })
+
+      expect(page)
+        .to have_content(I18n.t('two_factor_authentication.recovery_codes_regenerated'))
+        .and have_title(I18n.t('settings.two_factor_authentication'))
+        .and have_css('ol.recovery-codes')
+        .and have_content(backup_code)
+    end
+
+    def stub_code_generator
+      allow(SecureRandom).to receive(:hex).and_return(backup_code)
+    end
+  end
+end