Fix `RSpec/LetSetup` cop in auth controller specs (#28464)

.rubocop_todo.yml

@@ -47,9 +47,6 @@ RSpec/ExampleLength:
 
 RSpec/LetSetup:
   Exclude:
-    - 'spec/controllers/auth/confirmations_controller_spec.rb'
-    - 'spec/controllers/auth/passwords_controller_spec.rb'
-    - 'spec/controllers/auth/sessions_controller_spec.rb'
     - 'spec/models/account_statuses_cleanup_policy_spec.rb'
     - 'spec/models/status_spec.rb'
     - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'

spec/controllers/auth/confirmations_controller_spec.rb

@@ -41,8 +41,9 @@ describe Auth::ConfirmationsController do
         get :show, params: { confirmation_token: 'foobar' }
       end
 
-      it 'redirects to login' do
+      it 'redirects to login and confirms user' do
         expect(response).to redirect_to(new_user_session_path)
+        expect(user.reload.confirmed_at).to_not be_nil
       end
     end
 
@@ -87,8 +88,9 @@ describe Auth::ConfirmationsController do
         get :show, params: { confirmation_token: 'foobar' }
       end
 
-      it 'redirects to login' do
+      it 'redirects to login and confirms email' do
         expect(response).to redirect_to(new_user_session_path)
+        expect(user.reload.unconfirmed_email).to be_nil
       end
 
       it 'does not queue up bootstrapping of home timeline' do

spec/controllers/auth/passwords_controller_spec.rb

@@ -70,6 +70,7 @@ describe Auth::PasswordsController do
 
       it 'deactivates all sessions' do
         expect(user.session_activations.count).to eq 0
+        expect { session_activation.reload }.to raise_error(ActiveRecord::RecordNotFound)
       end
 
       it 'revokes all access tokens' do
@@ -78,6 +79,7 @@ describe Auth::PasswordsController do
 
       it 'removes push subscriptions' do
         expect(Web::PushSubscription.where(user: user).or(Web::PushSubscription.where(access_token: access_token)).count).to eq 0
+        expect { web_push_subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
       end
     end
 

spec/controllers/auth/sessions_controller_spec.rb

@@ -123,9 +123,8 @@ RSpec.describe Auth::SessionsController do
         let(:previous_ip) { '1.2.3.4' }
         let(:current_ip)  { '4.3.2.1' }
 
-        let!(:previous_login) { Fabricate(:login_activity, user: user, ip: previous_ip) }
-
         before do
+          Fabricate(:login_activity, user: user, ip: previous_ip)
           allow(controller.request).to receive(:remote_ip).and_return(current_ip)
           user.update(current_sign_in_at: 1.month.ago)
           post :create, params: { user: { email: user.email, password: user.password } }
@@ -328,12 +327,6 @@ RSpec.describe Auth::SessionsController do
           Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
         end
 
-        let!(:recovery_codes) do
-          codes = user.generate_otp_backup_codes!
-          user.save
-          return codes
-        end
-
         let!(:webauthn_credential) do
           user.update(webauthn_id: WebAuthn.generate_user_id)
           public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
@@ -356,6 +349,11 @@ RSpec.describe Auth::SessionsController do
 
         let(:fake_credential) { fake_client.get(challenge: challenge, sign_count: sign_count) }
 
+        before do
+          user.generate_otp_backup_codes!
+          user.save
+        end
+
         context 'when using email and password' do
           before do
             post :create, params: { user: { email: user.email, password: user.password } }