Diffstat (limited to 'spec/features/profiles')
-rw-r--r-- | spec/features/profiles/password_spec.rb | 44 | ||||
-rw-r--r-- | spec/features/profiles/personal_access_tokens_spec.rb | 39 | ||||
-rw-r--r-- | spec/features/profiles/two_factor_auths_spec.rb | 2 |
3 files changed, 61 insertions, 24 deletions
diff --git a/spec/features/profiles/password_spec.rb b/spec/features/profiles/password_spec.rb
index 6c860740354..8887ff1746d 100644
--- a/spec/features/profiles/password_spec.rb
+++ b/spec/features/profiles/password_spec.rb
@@ -152,6 +152,33 @@ RSpec.describe 'Profile > Password' do
 it_behaves_like 'user enters an incorrect current password'
 end
+ context 'when the password is too weak' do
+ let(:new_password) { 'password' }
+
+ subject do
+ page.within '.update-password' do
+ fill_in "user_password", with: user.password
+ fill_passwords(new_password, new_password)
+ end
+ end
+
+ it 'tracks the error and does not change the password', :aggregate_failures do
+ expect { subject }.not_to change { user.reload.valid_password?(new_password) }
+ expect(user.failed_attempts).to eq(0)
+
+ page.within '.gl-alert-danger' do
+ expect(page).to have_content('must not contain commonly used combinations of words and letters')
+ end
+
+ expect_snowplow_event(
+ category: 'Gitlab::Tracking::Helpers::WeakPasswordErrorEvent',
+ action: 'track_weak_password_error',
+ controller: 'Profiles::PasswordsController',
+ method: 'update'
+ )
+ end
+ end
+
 context 'when the password reset is successful' do
 subject do
 page.within '.update-password' do
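Review bot: `expect(user.failed_attempts).to eq(0)` in the new 'when the password is too weak' example reads the in-memory `user`, and it reflects the database only because the `change` block on the line above calls `user.reload` after `subject` has run. Making the reload explicit, `expect(user.reload.failed_attempts).to eq(0)`, keeps the counter check meaningful if the first expectation is later reworded or removed. A short comment such as `# a rejected weak password with a correct current password must not count as a failed attempt` would record why the counter is asserted here (presumably to guard against lockout on this path). `user` and `fill_passwords` are defined outside this hunk.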
@@ -195,6 +222,23 @@ RSpec.describe 'Profile > Password' do
 expect(page).to have_current_path new_user_session_path, ignore_query: true
 end
+ it 'tracks weak password error' do
+ visit edit_profile_password_path
+
+ expect(page).to have_current_path new_profile_password_path, ignore_query: true
+
+ fill_in :user_password, with: user.password
+ fill_in :user_new_password, with: "password"
+ fill_in :user_password_confirmation, with: "password"
+ click_button 'Set new password'
+ expect_snowplow_event(
+ category: 'Gitlab::Tracking::Helpers::WeakPasswordErrorEvent',
+ action: 'track_weak_password_error',
+ controller: 'Profiles::PasswordsController',
+ method: 'create'
+ )
+ end
+
 context 'when global require_two_factor_authentication is enabled' do
 it 'needs change user password' do
 stub_application_setting(require_two_factor_authentication: true)
diff --git a/spec/features/profiles/personal_access_tokens_spec.rb b/spec/features/profiles/personal_access_tokens_spec.rb
index 088c8a7a15a..3ae88da06f6 100644
--- a/spec/features/profiles/personal_access_tokens_spec.rb
+++ b/spec/features/profiles/personal_access_tokens_spec.rb
@@ -4,22 +4,11 @@ require 'spec_helper'
 RSpec.describe 'Profile > Personal Access Tokens', :js do
 include Spec::Support::Helpers::ModalHelpers
+ include Spec::Support::Helpers::AccessTokenHelpers
 let(:user) { create(:user) }
 let(:pat_create_service) { double('PersonalAccessTokens::CreateService', execute: ServiceResponse.error(message: 'error', payload: { personal_access_token: PersonalAccessToken.new })) }
- def active_personal_access_tokens
- find("[data-testid='active-tokens']")
- end
-
- def created_personal_access_token
- find_field('new-access-token').value
- end
-
- def feed_token_description
- "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
- end
-
 before do
 sign_in(user)
 end
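Review bot: In password_spec.rb, the added `it 'tracks weak password error'` example (the `create` path) asserts only the Snowplow event, so it would still pass if the weak password were accepted while the event fired. Adding `expect(user.reload.valid_password?('password')).to be(false)` after `click_button 'Set new password'` would pin the rejection itself, the way the `update` example in the `@@ -152,6 +152,33 @@` hunk does with its `change` matcher. The literal `"password"` is typed twice in this example; a `let(:new_password) { 'password' }` as used in the update context would keep the two fields in step.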
@@ -43,11 +32,11 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 click_on "Create personal access token"
 wait_for_all_requests
- expect(active_personal_access_tokens).to have_text(name)
- expect(active_personal_access_tokens).to have_text('in')
- expect(active_personal_access_tokens).to have_text('read_api')
- expect(active_personal_access_tokens).to have_text('read_user')
- expect(created_personal_access_token).not_to be_empty
+ expect(active_access_tokens).to have_text(name)
+ expect(active_access_tokens).to have_text('in')
+ expect(active_access_tokens).to have_text('read_api')
+ expect(active_access_tokens).to have_text('read_user')
+ expect(created_access_token).to match(/[\w-]{20}/)
 end
 context "when creation fails" do
@@ -73,8 +62,8 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 it 'only shows personal access tokens' do
 visit profile_personal_access_tokens_path
- expect(active_personal_access_tokens).to have_text(personal_access_token.name)
- expect(active_personal_access_tokens).not_to have_text(impersonation_token.name)
+ expect(active_access_tokens).to have_text(personal_access_token.name)
+ expect(active_access_tokens).not_to have_text(impersonation_token.name)
 end
 context 'when User#time_display_relative is false' do
@@ -85,7 +74,7 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 it 'shows absolute times for expires_at' do
 visit profile_personal_access_tokens_path
- expect(active_personal_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
+ expect(active_access_tokens).to have_text(PersonalAccessToken.last.expires_at.strftime('%b %-d'))
 end
 end
 end
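Review bot: The new `expect(created_access_token).to match(/[\w-]{20}/)` in the `@@ -43,11 +32,11 @@` hunk is unanchored, so any field value that merely contains 20 consecutive word or hyphen characters passes, including one with unexpected text around it. If the field is meant to hold only the token, anchoring the whole value, for example `match(/\A[\w-]{20,}\z/)`, would make the format check stricter. The exact length and any prefix depend on the token format, which this diff does not show, so the quantifier needs confirming against it. `created_access_token` now comes from `AccessTokenHelpers`, which is defined outside this page.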
@@ -97,14 +86,14 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 visit profile_personal_access_tokens_path
 accept_gl_confirm(button_text: 'Revoke') { click_on "Revoke" }
- expect(active_personal_access_tokens).to have_text("This user has no active personal access tokens.")
+ expect(active_access_tokens).to have_text("This user has no active personal access tokens.")
 end
 it "removes expired tokens from 'active' section" do
 personal_access_token.update!(expires_at: 5.days.ago)
 visit profile_personal_access_tokens_path
- expect(active_personal_access_tokens).to have_text("This user has no active personal access tokens.")
+ expect(active_access_tokens).to have_text("This user has no active personal access tokens.")
 end
 context "when revocation fails" do
@@ -115,12 +104,16 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 visit profile_personal_access_tokens_path
 accept_gl_confirm(button_text: "Revoke") { click_on "Revoke" }
- expect(active_personal_access_tokens).to have_text(personal_access_token.name)
+ expect(active_access_tokens).to have_text(personal_access_token.name)
 end
 end
 end
 describe "feed token" do
+ def feed_token_description
+ "Your feed token authenticates you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar. It is visible in those feed URLs."
+ end
+
 context "when enabled" do
 it "displays feed token" do
 allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(false)
diff --git a/spec/features/profiles/two_factor_auths_spec.rb b/spec/features/profiles/two_factor_auths_spec.rb
index b4355f2d669..decc2904b6e 100644
--- a/spec/features/profiles/two_factor_auths_spec.rb
+++ b/spec/features/profiles/two_factor_auths_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe 'Two factor auths' do
 end
 context 'when user has two-factor authentication disabled' do
- let_it_be(:user) { create(:user ) }
+ let_it_be(:user) { create(:user) }
 it 'requires the current password to set up two factor authentication', :js do
 visit profile_two_factor_auth_path |