forked from mstdn/mastodon
67dea31b0f
* Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
47 lines
1.3 KiB
Ruby
47 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe Settings::TwoFactorAuthentication::ConfirmationsController do
|
|
render_views
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
before do
|
|
user.otp_secret = User.generate_otp_secret(32)
|
|
user.save!
|
|
|
|
sign_in user, scope: :user
|
|
end
|
|
|
|
describe 'GET #new' do
|
|
it 'returns http success' do
|
|
get :new
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(response).to render_template(:new)
|
|
end
|
|
end
|
|
|
|
describe 'POST #create' do
|
|
describe 'when creation succeeds' do
|
|
it 'renders page with success' do
|
|
allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(true)
|
|
|
|
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
|
|
expect(response).to have_http_status(:success)
|
|
expect(response).to render_template('settings/two_factor_authentication/recovery_codes/index')
|
|
end
|
|
end
|
|
|
|
describe 'when creation fails' do
|
|
it 'renders the new view' do
|
|
allow_any_instance_of(User).to receive(:validate_and_consume_otp!).with('123456').and_return(false)
|
|
|
|
post :create, params: { form_two_factor_confirmation: { code: '123456' } }
|
|
expect(response).to have_http_status(:success)
|
|
expect(response).to render_template(:new)
|
|
end
|
|
end
|
|
end
|
|
end
|