2019-09-18 14:37:27 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
require 'rails_helper'
|
|
|
|
|
|
2023-05-04 03:49:53 +00:00
|
|
|
RSpec.describe ChallengableConcern do
|
2019-09-18 14:37:27 +00:00
|
|
|
controller(ApplicationController) do
|
|
|
|
|
include ChallengableConcern
|
|
|
|
|
|
|
|
|
|
before_action :require_challenge!
|
|
|
|
|
|
|
|
|
|
def foo
|
|
|
|
|
render plain: 'foo'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def bar
|
|
|
|
|
render plain: 'bar'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
routes.draw do
|
|
|
|
|
get 'foo' => 'anonymous#foo'
|
|
|
|
|
post 'bar' => 'anonymous#bar'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with a no-password user' do
|
|
|
|
|
let(:user) { Fabricate(:user, external: true, password: nil) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
sign_in user
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with GET requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { get :foo }
|
|
|
|
|
|
|
|
|
|
it 'does not ask for password' do
|
|
|
|
|
expect(response.body).to eq 'foo'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with POST requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { post :bar }
|
|
|
|
|
|
|
|
|
|
it 'does not ask for password' do
|
|
|
|
|
expect(response.body).to eq 'bar'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with recent challenge in session' do
|
|
|
|
|
let(:password) { 'foobar12345' }
|
|
|
|
|
let(:user) { Fabricate(:user, password: password) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
sign_in user
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with GET requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { get :foo, session: { challenge_passed_at: Time.now.utc } }
|
|
|
|
|
|
|
|
|
|
it 'does not ask for password' do
|
|
|
|
|
expect(response.body).to eq 'foo'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with POST requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { post :bar, session: { challenge_passed_at: Time.now.utc } }
|
|
|
|
|
|
|
|
|
|
it 'does not ask for password' do
|
|
|
|
|
expect(response.body).to eq 'bar'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with a password user' do
|
|
|
|
|
let(:password) { 'foobar12345' }
|
|
|
|
|
let(:user) { Fabricate(:user, password: password) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
sign_in user
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with GET requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { get :foo }
|
|
|
|
|
|
|
|
|
|
it 'renders challenge' do
|
2023-11-29 10:38:05 +00:00
|
|
|
expect(response).to render_template('auth/challenges/new', layout: :auth)
|
2019-09-18 14:37:27 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# See Auth::ChallengesControllerSpec
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with POST requests' do
|
2019-09-18 14:37:27 +00:00
|
|
|
before { post :bar }
|
|
|
|
|
|
|
|
|
|
it 'renders challenge' do
|
2023-11-29 10:38:05 +00:00
|
|
|
expect(response).to render_template('auth/challenges/new', layout: :auth)
|
2019-09-18 14:37:27 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'accepts correct password' do
|
|
|
|
|
post :bar, params: { form_challenge: { current_password: password } }
|
|
|
|
|
expect(response.body).to eq 'bar'
|
|
|
|
|
expect(session[:challenge_passed_at]).to_not be_nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'rejects wrong password' do
|
|
|
|
|
post :bar, params: { form_challenge: { current_password: 'dddfff888123' } }
|
2023-11-29 10:38:05 +00:00
|
|
|
expect(response.body).to render_template('auth/challenges/new', layout: :auth)
|
2019-09-18 14:37:27 +00:00
|
|
|
expect(session[:challenge_passed_at]).to be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
