diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
| commit | 43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch) | |
| tree | dceebdc68925362117480a5d672bcff122fb625b /spec/controllers/sessions_controller_spec.rb | |
| parent | 20c84b99005abd1c82101dfeff264ac50d2df211 (diff) | |
Add latest changes from gitlab-org/gitlab@16-0-stable-eev16.0.0-rc42
Diffstat (limited to 'spec/controllers/sessions_controller_spec.rb')
| -rw-r--r-- | spec/controllers/sessions_controller_spec.rb | 48 |
1 files changed, 21 insertions, 27 deletions
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index 1f7d169bae5..80856512bba 100644 --- a/spec/controllers/sessions_controller_spec.rb +++ b/spec/controllers/sessions_controller_spec.rb @@ -375,8 +375,7 @@ RSpec.describe SessionsController do context 'when OTP is valid for another user' do it 'does not authenticate' do - authenticate_2fa(login: another_user.username, - otp_attempt: another_user.current_otp) + authenticate_2fa(login: another_user.username, otp_attempt: another_user.current_otp) expect(subject.current_user).not_to eq another_user end @@ -384,8 +383,7 @@ RSpec.describe SessionsController do context 'when OTP is invalid for another user' do it 'does not authenticate' do - authenticate_2fa(login: another_user.username, - otp_attempt: 'invalid') + authenticate_2fa(login: another_user.username, otp_attempt: 'invalid') expect(subject.current_user).not_to eq another_user end @@ -495,51 +493,49 @@ RSpec.describe SessionsController do end end - context 'when using two-factor authentication via U2F device' do - let(:user) { create(:user, :two_factor) } + context 'when using two-factor authentication via WebAuthn device' do + let(:user) { create(:user, :two_factor_via_webauthn) } - def authenticate_2fa_u2f(user_params) + def authenticate_2fa(user_params) post(:create, params: { user: user_params }, session: { otp_user_id: user.id }) end - before do - stub_feature_flags(webauthn: false) - end - context 'remember_me field' do it 'sets a remember_user_token cookie when enabled' do - allow(U2fRegistration).to receive(:authenticate).and_return(true) + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true) allow(controller).to receive(:find_user).and_return(user) - expect(controller) - .to receive(:remember_me).with(user).and_call_original + expect(controller).to receive(:remember_me).with(user).and_call_original - authenticate_2fa_u2f(remember_me: '1', login: user.username, device_response: "{}") + authenticate_2fa(remember_me: '1', login: user.username, device_response: "{}") expect(response.cookies['remember_user_token']).to be_present end it 'does nothing when disabled' do - allow(U2fRegistration).to receive(:authenticate).and_return(true) + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true) allow(controller).to receive(:find_user).and_return(user) expect(controller).not_to receive(:remember_me) - authenticate_2fa_u2f(remember_me: '0', login: user.username, device_response: "{}") + authenticate_2fa(remember_me: '0', login: user.username, device_response: "{}") expect(response.cookies['remember_user_token']).to be_nil end end it "creates an audit log record" do - allow(U2fRegistration).to receive(:authenticate).and_return(true) - expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuditEvent.count }.by(1) - expect(AuditEvent.last.details[:with]).to eq("two-factor-via-u2f-device") + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true) + + expect { authenticate_2fa(login: user.username, device_response: "{}") }.to( + change { AuditEvent.count }.by(1)) + expect(AuditEvent.last.details[:with]).to eq("two-factor-via-webauthn-device") end it "creates an authentication event record" do - allow(U2fRegistration).to receive(:authenticate).and_return(true) + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true) - expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuthenticationEvent.count }.by(1) - expect(AuthenticationEvent.last.provider).to eq("two-factor-via-u2f-device") + expect { authenticate_2fa(login: user.username, device_response: "{}") }.to( + change { AuthenticationEvent.count }.by(1)) + expect(AuthenticationEvent.last.provider).to eq("two-factor-via-webauthn-device") end end end @@ -567,8 +563,7 @@ RSpec.describe SessionsController do it 'sets the username and caller_id in the context' do expect(controller).to receive(:destroy).and_wrap_original do |m, *args| expect(Gitlab::ApplicationContext.current) - .to include('meta.user' => user.username, - 'meta.caller_id' => 'SessionsController#destroy') + .to include('meta.user' => user.username, 'meta.caller_id' => 'SessionsController#destroy') m.call(*args) end @@ -607,8 +602,7 @@ RSpec.describe SessionsController do m.call(*args) end - post(:create, - params: { user: { login: user.username, password: user.password.succ } }) + post :create, params: { user: { login: user.username, password: user.password.succ } } end end end |