closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3106 Commits
4 Branches
567 MiB
Tree: 7b473d7514
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7b473d7514'
${ noResults }
mastodon/spec/controllers/settings/two_factor_authentication/confirmations_controller_sp...

99 lines
3.2 KiB
Raw Normal View History

2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Cover Settings::TwoFactorAuthentication::ConfirmationsController more (#3386)
7 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe Settings::TwoFactorAuthentication::ConfirmationsController do
  6.   render_views
  7. 

  8.   let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
  9. 

  10.   shared_examples 'renders :new' do
  11.     it 'renders the new view' do
  12.       subject
  13. 

  14.       expect(assigns(:confirmation)).to be_instance_of Form::TwoFactorConfirmation
  15.       expect(assigns(:provision_url)).to eq 'otpauth://totp/local-part@domain?secret=thisisasecretforthespecofnewview&issuer=cb6e6126.ngrok.io'
  16.       expect(assigns(:qrcode)).to be_instance_of RQRCode::QRCode
  17.       expect(response).to have_http_status(:success)
  18.       expect(response).to render_template(:new)
  19.     end
  20.   end
  21. 

  22.   describe 'GET #new' do
  23.     context 'when signed in' do
  24.       subject do
  25.         sign_in user, scope: :user
  26.         get :new
  27.       end
  28. 

  29.       include_examples 'renders :new'
  30.     end
  31. 

  32.     it 'redirects if not signed in' do
  33.       get :new
  34.       expect(response).to redirect_to('/auth/sign_in')
  35.     end
  36.   end
  37. 

  38.   describe 'POST #create' do
  39.     context 'when signed in' do
  40.       before do
  41.         sign_in user, scope: :user
  42.       end
  43. 

  44.       describe 'when form_two_factor_confirmation parameter is not provided' do
  45.         it 'raises ActionController::ParameterMissing' do
  46.           expect { post :create, params: { } }.to raise_error(ActionController::ParameterMissing)
  47.         end
  48.       end
  49. 

  50.       describe 'when creation succeeds' do
  51.         it 'renders page with success' do
  52.           otp_backup_codes = user.generate_otp_backup_codes!
  53.           expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value|
  54.             expect(value).to eq user
  55.             otp_backup_codes
  56.           end
  57.           expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
  58.             expect(value).to eq user
  59.             expect(arg).to eq '123456'
  60.             true
  61.           end
  62. 

  63.           post :create, params: { form_two_factor_confirmation: { code: '123456' } }
  64. 

  65.           expect(assigns(:recovery_codes)).to eq otp_backup_codes
  66.           expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
  67.           expect(response).to have_http_status(:success)
  68.           expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
  69.         end
  70.       end
  71. 

  72.       describe 'when creation fails' do
  73.         subject do
  74.           expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
  75.             expect(value).to eq user
  76.             expect(arg).to eq '123456'
  77.             false
  78.           end
  79. 

  80.           post :create, params: { form_two_factor_confirmation: { code: '123456' } }
  81.         end
  82. 

  83.         it 'renders the new view' do
  84.           subject
  85.           expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?'
  86.         end
  87. 

  88.         include_examples 'renders :new'
  89.       end
  90.     end
  91. 

  92.     context 'when not signed in' do
  93.       it 'redirects if not signed in' do
  94.         post :create, params: { form_two_factor_confirmation: { code: '123456' } }
  95.         expect(response).to redirect_to('/auth/sign_in')
  96.       end
  97.     end
  98.   end
  99. end