random-mirrors/gab-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Gab Social. All are welcome.

Browse Source
This commit is contained in:
robcolbert
2019-07-02 03:10:25 -04:00
commit bd0b5afc92
5366 changed files with 222812 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

187
spec/controllers/settings/applications_controller_spec.rb Normal file
View File

@@ -0,0 +1,187 @@
require 'rails_helper'
describe Settings::ApplicationsController do
render_views
let!(:user) { Fabricate(:user) }
let!(:app) { Fabricate(:application, owner: user) }
before do
sign_in user, scope: :user
end
describe 'GET #index' do
let!(:other_app) { Fabricate(:application) }
it 'shows apps' do
get :index
expect(response).to have_http_status(200)
expect(assigns(:applications)).to include(app)
expect(assigns(:applications)).to_not include(other_app)
end
end
describe 'GET #show' do
it 'returns http success' do
get :show, params: { id: app.id }
expect(response).to have_http_status(200)
expect(assigns[:application]).to eql(app)
end
it 'returns 404 if you dont own app' do
app.update!(owner: nil)
get :show, params: { id: app.id }
expect(response.status).to eq 404
end
end
describe 'GET #new' do
it 'works' do
get :new
expect(response).to have_http_status(200)
end
end
describe 'POST #create' do
context 'success (passed scopes as a String)' do
def call_create
post :create, params: {
doorkeeper_application: {
name: 'My New App',
redirect_uri: 'urn:ietf:wg:oauth:2.0:oob',
website: 'http://google.com',
scopes: 'read write follow'
}
}
response
end
it 'creates an entry in the database' do
expect { call_create }.to change(Doorkeeper::Application, :count)
end
it 'redirects back to applications page' do
expect(call_create).to redirect_to(settings_applications_path)
end
end
context 'success (passed scopes as an Array)' do
def call_create
post :create, params: {
doorkeeper_application: {
name: 'My New App',
redirect_uri: 'urn:ietf:wg:oauth:2.0:oob',
website: 'http://google.com',
scopes: [ 'read', 'write', 'follow' ]
}
}
response
end
it 'creates an entry in the database' do
expect { call_create }.to change(Doorkeeper::Application, :count)
end
it 'redirects back to applications page' do
expect(call_create).to redirect_to(settings_applications_path)
end
end
context 'failure' do
before do
post :create, params: {
doorkeeper_application: {
name: '',
redirect_uri: '',
website: '',
scopes: []
}
}
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'renders form again' do
expect(response).to render_template(:new)
end
end
end
describe 'PATCH #update' do
context 'success' do
let(:opts) {
{
website: 'https://foo.bar/'
}
}
def call_update
patch :update, params: {
id: app.id,
doorkeeper_application: opts
}
response
end
it 'updates existing application' do
call_update
expect(app.reload.website).to eql(opts[:website])
end
it 'redirects back to applications page' do
expect(call_update).to redirect_to(settings_applications_path)
end
end
context 'failure' do
before do
patch :update, params: {
id: app.id,
doorkeeper_application: {
name: '',
redirect_uri: '',
website: '',
scopes: []
}
}
end
it 'returns http success' do
expect(response).to have_http_status(200)
end
it 'renders form again' do
expect(response).to render_template(:show)
end
end
end
describe 'destroy' do
before do
post :destroy, params: { id: app.id }
end
it 'redirects back to applications page' do
expect(response).to redirect_to(settings_applications_path)
end
it 'removes the app' do
expect(Doorkeeper::Application.find_by(id: app.id)).to be_nil
end
end
describe 'regenerate' do
let(:token) { user.token_for_app(app) }
before do
expect(token).to_not be_nil
post :regenerate, params: { id: app.id }
end
it 'should create new token' do
expect(user.token_for_app(app)).to_not eql(token)
end
end
end

86
spec/controllers/settings/deletes_controller_spec.rb Normal file
View File

@@ -0,0 +1,86 @@
require 'rails_helper'
describe Settings::DeletesController do
render_views
describe 'GET #show' do
context 'when signed in' do
let(:user) { Fabricate(:user) }
before do
sign_in user, scope: :user
end
it 'renders confirmation page' do
get :show
expect(response).to have_http_status(200)
end
end
context 'when not signed in' do
it 'redirects' do
get :show
expect(response).to redirect_to '/auth/sign_in'
end
end
end
describe 'DELETE #destroy' do
context 'when signed in' do
let(:user) { Fabricate(:user, password: 'petsmoldoggos') }
before do
sign_in user, scope: :user
end
context 'with correct password' do
before do
delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }
end
it 'redirects to sign in page' do
expect(response).to redirect_to '/auth/sign_in'
end
it 'removes user record' do
expect(User.find_by(id: user.id)).to be_nil
end
it 'marks account as suspended' do
expect(user.account.reload).to be_suspended
end
end
context 'with incorrect password' do
before do
delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }
end
it 'redirects back to confirmation page' do
expect(response).to redirect_to settings_delete_path
end
end
end
context 'when not signed in' do
it 'redirects' do
delete :destroy
expect(response).to redirect_to '/auth/sign_in'
end
end
context do
around do |example|
open_deletion = Setting.open_deletion
example.run
Setting.open_deletion = open_deletion
end
it 'redirects' do
Setting.open_deletion = false
delete :destroy
expect(response).to redirect_to root_path
end
end
end
end

17
spec/controllers/settings/exports/blocked_accounts_controller_spec.rb Normal file
View File

@@ -0,0 +1,17 @@
require 'rails_helper'
describe Settings::Exports::BlockedAccountsController do
render_views
describe 'GET #index' do
it 'returns a csv of the blocking accounts' do
user = Fabricate(:user)
user.account.block!(Fabricate(:account, username: 'username', domain: 'domain'))
sign_in user, scope: :user
get :index, format: :csv
expect(response.body).to eq "username@domain\n"
end
end
end

17
spec/controllers/settings/exports/following_accounts_controller_spec.rb Normal file
View File

@@ -0,0 +1,17 @@
require 'rails_helper'
describe Settings::Exports::FollowingAccountsController do
render_views
describe 'GET #index' do
it 'returns a csv of the following accounts' do
user = Fabricate(:user)
user.account.follow!(Fabricate(:account, username: 'username', domain: 'domain'))
sign_in user, scope: :user
get :index, format: :csv
expect(response.body).to eq "Account address,Show reposts\nusername@domain,true\n"
end
end
end

17
spec/controllers/settings/exports/muted_accounts_controller_spec.rb Normal file
View File

@@ -0,0 +1,17 @@
require 'rails_helper'
describe Settings::Exports::MutedAccountsController do
render_views
describe 'GET #index' do
it 'returns a csv of the muting accounts' do
user = Fabricate(:user)
user.account.mute!(Fabricate(:account, username: 'username', domain: 'domain'))
sign_in user, scope: :user
get :index, format: :csv
expect(response.body).to eq "Account address,Hide notifications\nusername@domain,true\n"
end
end
end

52
spec/controllers/settings/exports_controller_spec.rb Normal file
View File

@@ -0,0 +1,52 @@
# frozen_string_literal: true
require 'rails_helper'
describe Settings::ExportsController do
render_views
describe 'GET #show' do
context 'when signed in' do
let(:user) { Fabricate(:user) }
before do
sign_in user, scope: :user
end
it 'renders export' do
get :show
export = assigns(:export)
expect(export).to be_instance_of Export
expect(export.account).to eq user.account
expect(response).to have_http_status(200)
end
end
context 'when not signed in' do
it 'redirects' do
get :show
expect(response).to redirect_to '/auth/sign_in'
end
end
end
describe 'POST #create' do
before do
sign_in Fabricate(:user), scope: :user
end
it 'redirects to settings_export_path' do
post :create
expect(response).to redirect_to(settings_export_path)
end
it 'queues BackupWorker job by 1' do
Sidekiq::Testing.fake! do
expect do
post :create
end.to change(BackupWorker.jobs, :size).by(1)
end
end
end
end

168
spec/controllers/settings/identity_proofs_controller_spec.rb Normal file
View File

@@ -0,0 +1,168 @@
require 'rails_helper'
describe Settings::IdentityProofsController do
include RoutingHelper
render_views
let(:user) { Fabricate(:user) }
let(:valid_token) { '1'*66 }
let(:kbname) { 'kbuser' }
let(:provider) { 'keybase' }
let(:findable_id) { Faker::Number.number(5) }
let(:unfindable_id) { Faker::Number.number(5) }
let(:new_proof_params) do
{ provider: provider, provider_username: kbname, token: valid_token, username: user.account.username }
end
let(:status_text) { "i just proved that i am also #{kbname} on #{provider}." }
let(:status_posting_params) do
{ post_status: '0', status_text: status_text }
end
let(:postable_params) do
{ account_identity_proof: new_proof_params.merge(status_posting_params) }
end
before do
allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:status) { { 'proof_valid' => true, 'proof_live' => true } }
sign_in user, scope: :user
end
describe 'new proof creation' do
context 'GET #new' do
before do
allow_any_instance_of(ProofProvider::Keybase::Badge).to receive(:avatar_url) { full_pack_url('media/images/void.png') }
end
context 'with all of the correct params' do
it 'renders the template' do
get :new, params: new_proof_params
expect(response).to render_template(:new)
end
end
context 'without any params' do
it 'redirects to :index' do
get :new, params: {}
expect(response).to redirect_to settings_identity_proofs_path
end
end
context 'with params to prove a different, not logged-in user' do
let(:wrong_user_params) { new_proof_params.merge(username: 'someone_else') }
it 'shows a helpful alert' do
get :new, params: wrong_user_params
expect(flash[:alert]).to eq I18n.t('identity_proofs.errors.wrong_user', proving: 'someone_else', current: user.account.username)
end
end
context 'with params to prove the same username cased differently' do
let(:capitalized_username) { new_proof_params.merge(username: user.account.username.upcase) }
it 'renders the new template' do
get :new, params: capitalized_username
expect(response).to render_template(:new)
end
end
end
context 'POST #create' do
context 'when saving works' do
before do
allow(ProofProvider::Keybase::Worker).to receive(:perform_async)
allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url }
end
it 'serializes a ProofProvider::Keybase::Worker' do
expect(ProofProvider::Keybase::Worker).to receive(:perform_async)
post :create, params: postable_params
end
it 'delegates redirection to the proof provider' do
expect_any_instance_of(AccountIdentityProof).to receive(:on_success_path)
post :create, params: postable_params
expect(response).to redirect_to root_url
end
it 'does not post a status' do
expect(PostStatusService).not_to receive(:new)
post :create, params: postable_params
end
context 'and the user has requested to post a status' do
let(:postable_params_with_status) do
postable_params.tap { |p| p[:account_identity_proof][:post_status] = '1' }
end
it 'posts a status' do
expect_any_instance_of(PostStatusService).to receive(:call).with(user.account, text: status_text)
post :create, params: postable_params_with_status
end
end
end
context 'when saving fails' do
before do
allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { false }
end
it 'redirects to :index' do
post :create, params: postable_params
expect(response).to redirect_to settings_identity_proofs_path
end
it 'flashes a helpful message' do
post :create, params: postable_params
expect(flash[:alert]).to eq I18n.t('identity_proofs.errors.failed', provider: 'Keybase')
end
end
context 'it can also do an update if the provider and username match an existing proof' do
before do
allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
allow(ProofProvider::Keybase::Worker).to receive(:perform_async)
Fabricate(:account_identity_proof, account: user.account, provider: provider, provider_username: kbname)
allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url }
end
it 'calls update with the new token' do
expect_any_instance_of(AccountIdentityProof).to receive(:save) do |proof|
expect(proof.token).to eq valid_token
end
post :create, params: postable_params
end
end
end
end
describe 'GET #index' do
context 'with no existing proofs' do
it 'shows the helpful explanation' do
get :index
expect(response.body).to match I18n.t('identity_proofs.explanation_html')
end
end
context 'with two proofs' do
before do
allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
@proof1 = Fabricate(:account_identity_proof, account: user.account)
@proof2 = Fabricate(:account_identity_proof, account: user.account)
allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') }
allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) { }
end
it 'has the first proof username on the page' do
get :index
expect(response.body).to match /#{Regexp.quote(@proof1.provider_username)}/
end
it 'has the second proof username on the page' do
get :index
expect(response.body).to match /#{Regexp.quote(@proof2.provider_username)}/
end
end
end
end

44
spec/controllers/settings/imports_controller_spec.rb Normal file
View File

@@ -0,0 +1,44 @@
require 'rails_helper'
RSpec.describe Settings::ImportsController, type: :controller do
render_views
before do
sign_in Fabricate(:user), scope: :user
end
describe "GET #show" do
it "returns http success" do
get :show
expect(response).to have_http_status(200)
end
end
describe 'POST #create' do
it 'redirects to settings path with successful following import' do
service = double(call: nil)
allow(ResolveAccountService).to receive(:new).and_return(service)
post :create, params: {
import: {
type: 'following',
data: fixture_file_upload('files/imports.txt')
}
}
expect(response).to redirect_to(settings_import_path)
end
it 'redirects to settings path with successful blocking import' do
service = double(call: nil)
allow(ResolveAccountService).to receive(:new).and_return(service)
post :create, params: {
import: {
type: 'blocking',
data: fixture_file_upload('files/imports.txt')
}
}
expect(response).to redirect_to(settings_import_path)
end
end
end

77
spec/controllers/settings/migrations_controller_spec.rb Normal file
View File

@@ -0,0 +1,77 @@
require 'rails_helper'
describe Settings::MigrationsController do
render_views
shared_examples 'authenticate user' do
it 'redirects to sign_in page' do
is_expected.to redirect_to new_user_session_path
end
end
describe 'GET #show' do
context 'when user is not sign in' do
subject { get :show }
it_behaves_like 'authenticate user'
end
context 'when user is sign in' do
subject { get :show }
let(:user) { Fabricate(:user, account: account) }
let(:account) { Fabricate(:account, moved_to_account: moved_to_account) }
before { sign_in user, scope: :user }
context 'when user does not have moved to account' do
let(:moved_to_account) { nil }
it 'renders show page' do
is_expected.to have_http_status 200
is_expected.to render_template :show
end
end
context 'when user does not have moved to account' do
let(:moved_to_account) { Fabricate(:account) }
it 'renders show page' do
is_expected.to have_http_status 200
is_expected.to render_template :show
end
end
end
end
describe 'PUT #update' do
context 'when user is not sign in' do
subject { put :update }
it_behaves_like 'authenticate user'
end
context 'when user is sign in' do
subject { put :update, params: { migration: { acct: acct } } }
let(:user) { Fabricate(:user) }
before { sign_in user, scope: :user }
context 'when migration account is changed' do
let(:acct) { Fabricate(:account) }
it 'updates moved to account' do
is_expected.to redirect_to settings_migration_path
expect(user.account.reload.moved_to_account_id).to eq acct.id
end
end
context 'when acct is a current account' do
let(:acct) { user.account }
it 'renders show' do
is_expected.to render_template :show
end
end
end
end
end

37
spec/controllers/settings/notifications_controller_spec.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'rails_helper'
describe Settings::NotificationsController do
render_views
let(:user) { Fabricate(:user) }
before do
sign_in user, scope: :user
end
describe 'GET #show' do
it 'returns http success' do
get :show
expect(response).to have_http_status(200)
end
end
describe 'PUT #update' do
it 'updates notifications settings' do
user.settings['notification_emails'] = user.settings['notification_emails'].merge('follow' => false)
user.settings['interactions'] = user.settings['interactions'].merge('must_be_follower' => true)
put :update, params: {
user: {
notification_emails: { follow: '1' },
interactions: { must_be_follower: '0' },
}
}
expect(response).to redirect_to(settings_notifications_path)
user.reload
expect(user.settings['notification_emails']['follow']).to be true
expect(user.settings['interactions']['must_be_follower']).to be false
end
end
end

46
spec/controllers/settings/preferences_controller_spec.rb Normal file
View File

@@ -0,0 +1,46 @@
require 'rails_helper'
describe Settings::PreferencesController do
render_views
let(:user) { Fabricate(:user, filtered_languages: []) }
before do
sign_in user, scope: :user
end
describe 'GET #show' do
it 'returns http success' do
get :show
expect(response).to have_http_status(200)
end
end
describe 'PUT #update' do
it 'updates the user record' do
put :update, params: { user: { locale: 'en', chosen_languages: ['es', 'fr', ''] } }
expect(response).to redirect_to(settings_preferences_path)
user.reload
expect(user.locale).to eq 'en'
expect(user.chosen_languages).to eq ['es', 'fr']
end
it 'updates user settings' do
user.settings['boost_modal'] = false
user.settings['delete_modal'] = true
put :update, params: {
user: {
setting_boost_modal: '1',
setting_delete_modal: '0',
}
}
expect(response).to redirect_to(settings_preferences_path)
user.reload
expect(user.settings['boost_modal']).to be true
expect(user.settings['delete_modal']).to be false
end
end
end

51
spec/controllers/settings/profiles_controller_spec.rb Normal file
View File

@@ -0,0 +1,51 @@
require 'rails_helper'
RSpec.describe Settings::ProfilesController, type: :controller do
render_views
before do
@user = Fabricate(:user)
sign_in @user, scope: :user
end
describe "GET #show" do
it "returns http success" do
get :show
expect(response).to have_http_status(200)
end
end
describe 'PUT #update' do
it 'updates the user profile' do
allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async)
account = Fabricate(:account, user: @user, display_name: 'Old name')
put :update, params: { account: { display_name: 'New name' } }
expect(account.reload.display_name).to eq 'New name'
expect(response).to redirect_to(settings_profile_path)
expect(ActivityPub::UpdateDistributionWorker).to have_received(:perform_async).with(account.id)
end
end
describe 'PUT #update with new profile image' do
it 'updates profile image' do
allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async)
account = Fabricate(:account, user: @user, display_name: 'AvatarTest')
expect(account.avatar.instance.avatar_file_name).to be_nil
put :update, params: { account: { avatar: fixture_file_upload('files/avatar.gif', 'image/gif') } }
expect(response).to redirect_to(settings_profile_path)
expect(account.reload.avatar.instance.avatar_file_name).not_to be_nil
expect(ActivityPub::UpdateDistributionWorker).to have_received(:perform_async).with(account.id)
end
end
describe 'PUT #update with oversized image' do
it 'gives the user an error message' do
allow(ActivityPub::UpdateDistributionWorker).to receive(:perform_async)
account = Fabricate(:account, user: @user, display_name: 'AvatarTest')
put :update, params: { account: { avatar: fixture_file_upload('files/4096x4097.png', 'image/png') } }
expect(response.body).to include('images are not supported')
end
end
end

30
spec/controllers/settings/sessions_controller_spec.rb Normal file
View File

@@ -0,0 +1,30 @@
require 'rails_helper'
describe Settings::SessionsController do
render_views
let(:user) { Fabricate(:user) }
let(:session_activation) { Fabricate(:session_activation, user: user) }
before { sign_in user, scope: :user }
describe 'DELETE #destroy' do
subject { delete :destroy, params: { id: id } }
context 'when session activation exists' do
let(:id) { session_activation.id }
it 'destroys session activation' do
is_expected.to redirect_to edit_user_registration_path
expect(SessionActivation.find_by(id: id)).to be_nil
end
end
context 'when session activation does not exist' do
let(:id) { session_activation.id + 1000 }
it 'destroys session activation' do
is_expected.to have_http_status :not_found
end
end
end
end

106
spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb Normal file
View File

@@ -0,0 +1,106 @@
# frozen_string_literal: true
require 'rails_helper'
describe Settings::TwoFactorAuthentication::ConfirmationsController do
render_views
let(:user) { Fabricate(:user, email: 'local-part@domain', otp_secret: 'thisisasecretforthespecofnewview') }
let(:user_without_otp_secret) { Fabricate(:user, email: 'local-part@domain') }
shared_examples 'renders :new' do
it 'renders the new view' do
subject
expect(assigns(:confirmation)).to be_instance_of Form::TwoFactorConfirmation
expect(assigns(:provision_url)).to eq 'otpauth://totp/local-part@domain?secret=thisisasecretforthespecofnewview&issuer=cb6e6126.ngrok.io'
expect(assigns(:qrcode)).to be_instance_of RQRCode::QRCode
expect(response).to have_http_status(200)
expect(response).to render_template(:new)
end
end
describe 'GET #new' do
context 'when signed in' do
subject do
sign_in user, scope: :user
get :new
end
include_examples 'renders :new'
end
it 'redirects if not signed in' do
get :new
expect(response).to redirect_to('/auth/sign_in')
end
it 'redirects if user do not have otp_secret' do
sign_in user_without_otp_secret, scope: :user
get :new
expect(response).to redirect_to('/settings/two_factor_authentication')
end
end
describe 'POST #create' do
context 'when signed in' do
before do
sign_in user, scope: :user
end
describe 'when form_two_factor_confirmation parameter is not provided' do
it 'raises ActionController::ParameterMissing' do
expect { post :create, params: {} }.to raise_error(ActionController::ParameterMissing)
end
end
describe 'when creation succeeds' do
it 'renders page with success' do
otp_backup_codes = user.generate_otp_backup_codes!
expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value|
expect(value).to eq user
otp_backup_codes
end
expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
expect(value).to eq user
expect(arg).to eq '123456'
true
end
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Two-factor authentication successfully enabled'
expect(response).to have_http_status(200)
expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
end
end
describe 'when creation fails' do
subject do
expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
expect(value).to eq user
expect(arg).to eq '123456'
false
end
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
end
it 'renders the new view' do
subject
expect(response.body).to include 'The entered code was invalid! Are server time and device time correct?'
end
include_examples 'renders :new'
end
end
context 'when not signed in' do
it 'redirects if not signed in' do
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
expect(response).to redirect_to('/auth/sign_in')
end
end
end
end

31
spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb Normal file
View File

@@ -0,0 +1,31 @@
# frozen_string_literal: true
require 'rails_helper'
describe Settings::TwoFactorAuthentication::RecoveryCodesController do
render_views
describe 'POST #create' do
it 'updates the codes and shows them on a view when signed in' do
user = Fabricate(:user)
otp_backup_codes = user.generate_otp_backup_codes!
expect_any_instance_of(User).to receive(:generate_otp_backup_codes!) do |value|
expect(value).to eq user
otp_backup_codes
end
sign_in user, scope: :user
post :create
expect(assigns(:recovery_codes)).to eq otp_backup_codes
expect(flash[:notice]).to eq 'Recovery codes successfully regenerated'
expect(response).to have_http_status(200)
expect(response).to render_template(:index)
end
it 'redirects when not signed in' do
post :create
expect(response).to redirect_to '/auth/sign_in'
end
end
end

124
spec/controllers/settings/two_factor_authentications_controller_spec.rb Normal file
View File

@@ -0,0 +1,124 @@
# frozen_string_literal: true
require 'rails_helper'
describe Settings::TwoFactorAuthenticationsController do
render_views
let(:user) { Fabricate(:user) }
describe 'GET #show' do
context 'when signed in' do
before do
sign_in user, scope: :user
end
describe 'when user requires otp for login already' do
it 'returns http success' do
user.update(otp_required_for_login: true)
get :show
expect(response).to have_http_status(200)
end
end
describe 'when user does not require otp for login' do
it 'returns http success' do
user.update(otp_required_for_login: false)
get :show
expect(response).to have_http_status(200)
end
end
end
context 'when not signed in' do
it 'redirects' do
get :show
expect(response).to redirect_to '/auth/sign_in'
end
end
end
describe 'POST #create' do
context 'when signed in' do
before do
sign_in user, scope: :user
end
describe 'when user requires otp for login already' do
it 'redirects to show page' do
user.update(otp_required_for_login: true)
post :create
expect(response).to redirect_to(settings_two_factor_authentication_path)
end
end
describe 'when creation succeeds' do
it 'updates user secret' do
before = user.otp_secret
post :create
expect(user.reload.otp_secret).not_to eq(before)
expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path)
end
end
end
context 'when not signed in' do
it 'redirects' do
get :show
expect(response).to redirect_to '/auth/sign_in'
end
end
end
describe 'POST #destroy' do
before do
user.update(otp_required_for_login: true)
end
context 'when signed in' do
before do
sign_in user, scope: :user
end
it 'turns off otp requirement with correct code' do
expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
expect(value).to eq user
expect(arg).to eq '123456'
true
end
post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }
expect(response).to redirect_to(settings_two_factor_authentication_path)
user.reload
expect(user.otp_required_for_login).to eq(false)
end
it 'does not turn off otp if code is incorrect' do
expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
expect(value).to eq user
expect(arg).to eq '057772'
false
end
post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }
user.reload
expect(user.otp_required_for_login).to eq(true)
end
it 'raises ActionController::ParameterMissing if code is missing' do
expect { post :destroy }.to raise_error(ActionController::ParameterMissing)
end
end
it 'redirects if not signed in' do
get :show
expect(response).to redirect_to '/auth/sign_in'
end
end
end