author | lislis <lislis@users.noreply.github.com> | 2019-04-28 20:06:48 +0300 |
committer | Jonne Haß <jonne.hass@offerista.com> | 2019-04-29 00:24:40 +0300 |
commit | 9d5b981809435b05b06e300a5495a71085e89882 (patch) | |
tree | 6b03923c4563dac958f9dbf1c5cfe112747b4d2f /features | |
parent | 3f74a759b3313a65fc00d2e9bc9368a4236ab0cb (diff) |
Two factor authentication (#7751)
Diffstat (limited to 'features')
-rw-r--r-- | features/desktop/change_password.feature | 3 | ||||
-rw-r--r-- | features/desktop/two_factor_authentication.feature | 90 | ||||
-rw-r--r-- | features/mobile/change_password.feature | 5 | ||||
-rw-r--r-- | features/step_definitions/two_factor_steps.rb | 67 | ||||
-rw-r--r-- | features/support/paths.rb | 2 |
5 files changed, 162 insertions, 5 deletions
diff --git a/features/desktop/change_password.feature b/features/desktop/change_password.feature
index f37ebe045..7b30014ec 100644
--- a/features/desktop/change_password.feature
+++ b/features/desktop/change_password.feature
@@ -29,8 +29,7 @@ Feature: Change password
 When I follow the "Change my password" link from the last sent email
 When I fill out the password reset form with "supersecret" and "supersecret"
 And I submit the password reset form
- Then I should be on the stream page
- And I sign out manually
+ Then I should be on the new user session page
 And I sign in manually as "georges_abitbol" with password "supersecret"
 Then I should be on the stream page
diff --git a/features/desktop/two_factor_authentication.feature b/features/desktop/two_factor_authentication.feature
new file mode 100644
index 000000000..ae8e2d2ef
--- /dev/null
+++ b/features/desktop/two_factor_authentication.feature
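Review bot: The new expectation that a password reset ends on the sign-in page instead of the stream drops the implicit auto-login after reset, but no scenario covers a reset for a user who has 2fa activated, which is exactly the case where auto-login would have bypassed the second factor. Consider a scenario that activates 2fa for the user, completes the reset, signs in manually and asserts `Then I should see "Two-factor authentication"` before `Then I should be on the stream page`, so a regression that signs the user in straight from the reset form is caught. The enclosing Scenario starts outside the hunk.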
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+@javascript
+Feature: Two-factor autentication
+
+ Scenario: Activate 2fa
+ Given a user with email "alice@test.com"
+ When I sign in as "alice@test.com"
+ When I go to the two-factor authentication page
+ And I press "Activate"
+ Then I should see "Confirm activation"
+ When I scan the QR code and fill in a valid TOTP token for "alice@test.com"
+ And I press "Confirm and activate"
+ Then I should see "Two-factor authentication activated"
+ And I should see "Recovery codes"
+ When I confirm activation
+ Then I should see "Two-factor authentication activated"
+ And I should see "Deactivate"
+
+ Scenario: Signing in with 2fa activated and correct token
+ Given a user with username "alice" and password "secret"
+ And 2fa is activated for "alice"
+ When I go to the login page
+ And I fill in username "alice" and password "secret"
+ And press "Sign in"
+ Then I should see "Two-factor authentication"
+ When I fill in a valid TOTP token for "alice"
+ And I press "Sign in"
+ Then I should be on the stream page
+
+ Scenario: Trying to sign in with 2fa activated and incorrect token
+ Given a user with username "alice" and password "secret"
+ And 2fa is activated for "alice"
+ When I go to the login page
+ And I fill in username "alice" and password "secret"
+ And press "Sign in"
+ Then I should see "Two-factor authentication"
+ When I fill in an invalid TOTP token
+ And I press "Sign in"
+ Then I should see "Two-factor authentication"
+
+ Scenario: Signing in with 2fa activated and a recovery code
+ Given a user with username "alice" and password "secret"
+ And 2fa is activated for "alice"
+ When I go to the login page
+ And I fill in username "alice" and password "secret"
+ And press "Sign in"
+ Then I should see "Two-factor authentication"
+ When I fill in a recovery code from "alice"
+ And I press "Sign in"
+ Then I should be on the stream page
+
+ Scenario: Regenerating recovery codes
+ Given a user with email "alice@test.com"
+ When I sign in as "alice@test.com"
+ And 2fa is activated for "alice@test.com"
+ When I go to the two-factor authentication page
+ Then I should see "Generate new recovery codes"
+ When I press the recovery code generate button
+ Then I should see a list of recovery codes
+
+ Scenario: Deactivating 2fa with correct token
+ Given a user with email "alice@test.com"
+ When I sign in as "alice@test.com"
+ And 2fa is activated for "alice@test.com"
+ When I go to the two-factor authentication page
+ Then I should see "Deactivate"
+ When I fill in a valid TOTP token to deactivate for "alice@test.com"
+ And I press "Deactivate"
+ Then I should see "Two-factor authentication not activated"
+
+ Scenario: Deactivating 2fa with recovery token
+ Given a user with email "alice@test.com"
+ When I sign in as "alice@test.com"
+ And 2fa is activated for "alice@test.com"
+ When I go to the two-factor authentication page
+ Then I should see "Deactivate"
+ When I fill in a recovery code to deactivate from "alice@test.com"
+ And I press "Deactivate"
+ Then I should see "Two-factor authentication not activated"
+
+ Scenario: Trying to deactivate with incorrect token
+ Given a user with email "alice@test.com"
+ When I sign in as "alice@test.com"
+ And 2fa is activated for "alice@test.com"
+ When I go to the two-factor authentication page
+ Then I should see "Deactivate"
+ When I fill in an invalid TOTP token to deactivate
+ And I press "Deactivate"
+ Then I should see "Two-factor authentication activated"
+ And I should see "Deactivate"
diff --git a/features/mobile/change_password.feature b/features/mobile/change_password.feature
index f30edb215..f3bcdb445 100644
--- a/features/mobile/change_password.feature
+++ b/features/mobile/change_password.feature
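Review bot: The feature title `Two-factor autentication` is misspelled and is what every report line for this file will carry; it should read `Feature: Two-factor authentication`. The two negative scenarios only assert that the text "Two-factor authentication" is still visible after submitting a bad token, which does not prove the user was kept out, so add `And I should not be on the stream page` (or whichever equivalent step the suite has) after the "Sign in" press so a silent pass-through fails. Nothing here exercises the properties that make recovery codes safe: a code should be rejected when submitted a second time, and the codes shown before "Generate new recovery codes" should stop working once new ones are generated; both fit the existing step vocabulary as one scenario each and are the checks an attacker who has seen a single code would defeat. The deactivation scenarios cover the right cases; keep them as the model for the missing recovery-code ones.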
@@ -31,9 +31,8 @@ Feature: Change password
 When I follow the "Change my password" link from the last sent email
 And I fill out the password reset form with "supersecret" and "supersecret"
 And I submit the password reset form
- Then I should be on the stream page
- When I sign out
- And I go to the login page
+ Then I should be on the new user session page
+ When I go to the login page
 And I sign in manually as "georges_abitbol" with password "supersecret" on the mobile website
 Then I should be on the stream page
diff --git a/features/step_definitions/two_factor_steps.rb b/features/step_definitions/two_factor_steps.rb
new file mode 100644
index 000000000..7b5ab2319
--- /dev/null
+++ b/features/step_definitions/two_factor_steps.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+When /^I scan the QR code and fill in a valid TOTP token for "([^"]*)"$/ do |email|
+ @me = find_user email
+ fill_in "user_code", with: @me.current_otp
+end
+
+When /^I fill in a valid TOTP token for "([^"]*)"$/ do |username|
+ @me = find_user username
+ fill_in "user_otp_attempt", with: @me.current_otp
+end
+
+When /^I fill in an invalid TOTP token$/ do
+ fill_in "user_otp_attempt", with: "c0ffee"
+end
+
+When /^I fill in a valid TOTP token to deactivate for "([^"]*)"$/ do |username|
+ @me = find_user username
+ fill_in "two_factor_authentication_code", with: @me.current_otp
+end
+
+When /^I fill in an invalid TOTP token to deactivate$/ do
+ fill_in "two_factor_authentication_code", with: "c0ffee"
+end
+
+When /^I fill in a recovery code from "([^"]*)"$/ do |username|
+ @me = find_user username
+ @codes = @me.generate_otp_backup_codes!
+ @me.save!
+ fill_in "user_otp_attempt", with: @codes.first
+end
+
+When /^I fill in a recovery code to deactivate from "([^"]*)"$/ do |username|
+ @me = find_user username
+ @codes = @me.generate_otp_backup_codes!
+ @me.save!
+ fill_in "two_factor_authentication_code", with: @codes.first
+end
+
+When /^I confirm activation$/ do
+ find(".btn-primary", match: :first).click
+end
+
+When /^2fa is activated for "([^"]*)"$/ do |username|
+ @me = find_user username
+ @me.otp_secret = User.generate_otp_secret(32)
+ @me.otp_required_for_login = true
+ @me.save!
+end
+
+When /^I fill in username "([^"]*)" and password "([^"]*)"$/ do |username, password|
+ fill_in "user_username", with: username
+ fill_in "user_password", with: password
+end
+
+Then /^I should see a list of recovery codes$/ do
+ find(".recovery-codes", match: :first)
+ find(".recovery-codes li samp", match: :first)
+end
+
+When /^I press the recovery code generate button$/ do
+ find(".btn-default", match: :first).click
+end
+
+def find_user(username)
+ User.find_by(username: username) || User.find_by(email: username)
+end
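Review bot: `I fill in an invalid TOTP token` and its deactivate twin submit `c0ffee`, which is not even six digits, so the negative scenarios may be passing on input-format rejection rather than on OTP verification; a well-formed wrong token is the stronger check, e.g. `fill_in "user_otp_attempt", with: format("%06d", (@me.current_otp.to_i + 1) % 1_000_000)`, which works because every scenario using these steps runs `2fa is activated for` first and that step assigns `@me`. The recovery-code steps call `generate_otp_backup_codes!` immediately before filling the form, so no step ever submits a code that was already consumed; a step that resubmits `@codes.first` without regenerating is what a single-use recovery-code scenario would need, and the current vocabulary cannot express it. `2fa is activated for` seeds `otp_secret` and `otp_required_for_login` but never persists backup codes, which is fine for these scenarios but deserves a comment such as `# backup codes are created on demand by the recovery-code steps` so the next author does not assume they exist. The `.btn-primary` / `.btn-default` lookups with `match: :first` are brittle and will silently click the wrong control if the page gains a button; prefer the button's text (the feature file shows "Generate new recovery codes" on that page, if that is the button's label) via `click_button`.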
diff --git a/features/support/paths.rb b/features/support/paths.rb
index a486ef245..7962fe17d 100644
--- a/features/support/paths.rb
+++ b/features/support/paths.rb
@@ -40,6 +40,8 @@ module NavigationHelpers
 edit_user_path
 when /^forgot password page$/
 new_user_password_path
+ when /^the two-factor authentication page$/
+ two_factor_authentication_path
 when %r{^"(/.*)"}
 Regexp.last_match(1)
 else |