1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Two factor auths' do
context 'when signed in' do
before do
sign_in(user)
end
context 'when user has two-factor authentication disabled' do
let_it_be(:user) { create(:user ) }
it 'requires the current password to set up two factor authentication', :js do
visit profile_two_factor_auth_path
register_2fa(user.current_otp, '123')
expect(page).to have_content('You must provide a valid current password')
register_2fa(user.reload.current_otp, user.password)
expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
click_button 'Copy codes'
click_link 'Proceed'
expect(page).to have_content('Status: Enabled')
end
context 'when user authenticates with an external service' do
let_it_be(:user) { create(:omniauth_user) }
it 'does not require the current password to set up two factor authentication', :js do
visit profile_two_factor_auth_path
fill_in 'pin_code', with: user.current_otp
click_button 'Register with two-factor app'
expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
click_button 'Copy codes'
click_link 'Proceed'
expect(page).to have_content('Status: Enabled')
end
end
end
context 'when user has two-factor authentication enabled' do
let_it_be(:user) { create(:user, :two_factor) }
it 'requires the current_password to disable two-factor authentication', :js do
visit profile_two_factor_auth_path
fill_in 'current_password', with: '123'
click_button 'Disable two-factor authentication'
page.accept_alert
expect(page).to have_content('You must provide a valid current password')
fill_in 'current_password', with: user.password
click_button 'Disable two-factor authentication'
page.accept_alert
expect(page).to have_content('Two-factor authentication has been disabled successfully!')
expect(page).to have_content('Enable two-factor authentication')
end
it 'requires the current_password to regenerate recovery codes', :js do
visit profile_two_factor_auth_path
fill_in 'current_password', with: '123'
click_button 'Regenerate recovery codes'
expect(page).to have_content('You must provide a valid current password')
fill_in 'current_password', with: user.password
click_button 'Regenerate recovery codes'
expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
end
context 'when user authenticates with an external service' do
let_it_be(:user) { create(:omniauth_user, :two_factor) }
it 'does not require the current_password to disable two-factor authentication', :js do
visit profile_two_factor_auth_path
click_button 'Disable two-factor authentication'
page.accept_alert
expect(page).to have_content('Two-factor authentication has been disabled successfully!')
expect(page).to have_content('Enable two-factor authentication')
end
it 'does not require the current_password to regenerate recovery codes', :js do
visit profile_two_factor_auth_path
click_button 'Regenerate recovery codes'
expect(page).to have_content('Please copy, download, or print your recovery codes before proceeding.')
end
end
end
def register_2fa(pin, password)
fill_in 'pin_code', with: pin
fill_in 'current_password', with: password
click_button 'Register with two-factor app'
end
end
end
|
