Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/requests/sessions_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/sessions_spec.rb')
-rw-r--r--spec/requests/sessions_spec.rb29
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/requests/sessions_spec.rb b/spec/requests/sessions_spec.rb
index 3bff9555834..8e069427678 100644
--- a/spec/requests/sessions_spec.rb
+++ b/spec/requests/sessions_spec.rb
@@ -38,6 +38,35 @@ RSpec.describe 'Sessions', feature_category: :system_access do
end
end
+ context 'when using two-factor authentication via OTP' do
+ let(:user) { create(:user, :two_factor, :invalid) }
+ let(:user_params) { { login: user.username, password: user.password } }
+
+ def authenticate_2fa(otp_attempt:)
+ post(user_session_path(params: { user: user_params })) # First sign-in request for password, second for OTP
+ post(user_session_path(params: { user: user_params.merge(otp_attempt: otp_attempt) }))
+ end
+
+ context 'with an invalid user' do
+ it 'raises StandardError when ActiveRecord::RecordInvalid is raised to return 500 instead of 422' do
+ otp = user.current_otp
+
+ expect { authenticate_2fa(otp_attempt: otp) }.to raise_error(StandardError)
+ end
+ end
+
+ context 'with an invalid record other than user' do
+ it 'raises ActiveRecord::RecordInvalid for invalid record to return 422f' do
+ otp = user.current_otp
+ allow_next_instance_of(ActiveRecord::RecordInvalid) do |instance|
+ allow(instance).to receive(:record).and_return(nil) # Simulate it's not a user
+ end
+
+ expect { authenticate_2fa(otp_attempt: otp) }.to raise_error(ActiveRecord::RecordInvalid)
+ end
+ end
+ end
+
context 'when user signs out' do
before do
post user_session_path(user: { login: user.username, password: user.password })
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-18 15:04:15 +0300