add two_factor_controller_tests

lislis · lislis · commit 0ace3fbb572d · 2018-08-25T17:54:18.000+02:00
diff --git a/spec/controllers/two_factor_authentications_controller_spec.rb b/spec/controllers/two_factor_authentications_controller_spec.rb
@@ -1,31 +1,107 @@
 # frozen_string_literal: true
 
-describe TwoFactorAuthenticationsController, :type => :controller do
+describe TwoFactorAuthenticationsController, type: :controller do
   before do
-    sign_in alice
+    @user = FactoryGirl.create :user
+    sign_in @user
   end
 
   describe "#show" do
-    it "shows the current state of 2fa" do
+    it "shows the deactivated state of 2fa" do
       get :show
-      expect(response.body).to match I18n.t('two_factor_auth.title')
-      expect(response.body).to match I18n.t('two_factor_auth.deactivated.status')
+      expect(response.body).to match I18n.t("two_factor_auth.title")
+      expect(response.body).to match I18n.t("two_factor_auth.deactivated.status")
+      expect(@user).to have_attributes(otp_required_for_login: nil)
+    end
+
+    it "shows the activated state of 2fa" do
+      activate_2fa
+      get :show
+      expect(response.body).to match I18n.t("two_factor_auth.title")
+      expect(response.body).to match I18n.t("two_factor_auth.activated.status")
+      expect(response.body).to match I18n.t("two_factor_auth.input_token.label")
+      expect(response.body).to match I18n.t("two_factor_auth.recovery.button")
+      expect(@user).to have_attributes(otp_required_for_login: true)
     end
   end
 
   describe "#create" do
-    it "it starts the 2fa activation workflow" do
+    it "sets the otp_secret flag" do
       post :create, params: {user: {otp_required_for_login: "true"}}
       expect(response).to be_redirect
       expect(response.location).to match confirm_two_factor_authentication_path
     end
   end
 
-  describe "#confirm_2fa"
+  describe "#confirm_2fa" do
+    before do
+      create_otp_token
+    end
+    it "shows the QR verification code" do
+      get :confirm_2fa
+      expect(response.body).to match I18n.t("two_factor_auth.confirm.title")
+      expect(response.body).to include("svg")
+      expect(response.body).to match(/#{@user.otp_secret.scan(/.{4}/).join(" ")}/)
+      expect(response.body).to match I18n.t("two_factor_auth.input_token.label")
+    end
+  end
 
-  describe "#confirm_and_activate_2fa"
+  describe "#confirm_and_activate_2fa" do
+    before do
+      create_otp_token
+    end
+    it "redirects back to confirm when token was wrong" do
+      post :confirm_and_activate_2fa, params: {user: {code: "not valid token"}}
+      expect(response.location).to match confirm_two_factor_authentication_path
+      expect(flash[:alert]).to match I18n.t("two_factor_auth.flash.error_token")
+    end
+    it "redirects to #recovery_codes when token was correct" do
+      post :confirm_and_activate_2fa, params: {user: {code: @user.current_otp}}
+      expect(response.location).to match recovery_codes_two_factor_authentication_path
+      expect(flash[:notice]).to match I18n.t("two_factor_auth.flash.success_activation")
+    end
+  end
 
-  describe "recovery_codes"
+  describe "#recovery_codes" do
+    before do
+      activate_2fa
+    end
+    it "shows recovery codes page" do
+      get :recovery_codes
+      expect(response.body).to match I18n.t("two_factor_auth.recovery.title")
+      expect(@user).to have_attributes(otp_required_for_login: true)
+    end
+  end
 
-  describe "#destroy"
+  describe "#destroy" do
+    before do
+      activate_2fa
+    end
+    it "deactivates 2fa if token is correct" do
+      delete :destroy, params: {two_factor_authentication: {code: @user.current_otp}}
+      expect(response).to be_redirect
+      expect(flash[:notice]).to match I18n.t("two_factor_auth.flash.success_deactivation")
+    end
+
+    it "does nothing if token is wrong" do
+      delete :destroy, params: {two_factor_authentication: {code: "a wrong code"}}
+      expect(response).to be_redirect
+      expect(flash[:alert]).to match I18n.t("two_factor_auth.flash.error_token")
+    end
+  end
+
+  def create_otp_token
+    @user.otp_secret = User.generate_otp_secret(32)
+    @user.save!
+  end
+
+  def confirm_activation
+    @user.otp_required_for_login = true
+    @user.save!
+  end
+
+  def activate_2fa
+    create_otp_token
+    confirm_activation
+  end
 end
