Welcome to mirror list, hosted at ThFree Co, Russian Federation.

two_factor_auth_verifier_spec.rb « auth « gitlab « lib « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/auth/two_factor_auth_verifier_spec.rb
blob: 876c23a91bd26fff188ae80344a336361b51762d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::Auth::TwoFactorAuthVerifier do
  using RSpec::Parameterized::TableSyntax

  subject(:verifier) { described_class.new(user) }

  let(:user) { build_stubbed(:user, otp_grace_period_started_at: Time.zone.now) }

  describe '#two_factor_authentication_enforced?' do
    subject { verifier.two_factor_authentication_enforced? }

    where(:instance_level_enabled, :group_level_enabled, :grace_period_expired, :should_be_enforced) do
      false | false | true  | false
      true  | false | false | false
      true  | false | true  | true
      false | true  | false | false
      false | true  | true  | true
    end

    with_them do
      before do
        stub_application_setting(require_two_factor_authentication: instance_level_enabled)
        allow(user).to receive(:require_two_factor_authentication_from_group?).and_return(group_level_enabled)
        stub_application_setting(two_factor_grace_period: grace_period_expired ? 0 : 1.month.in_hours)
      end

      it { is_expected.to eq(should_be_enforced) }
    end
  end

  describe '#two_factor_authentication_required?' do
    subject { verifier.two_factor_authentication_required? }

    where(:instance_level_enabled, :group_level_enabled, :should_be_required) do
      true  | false | true
      false | true  | true
      false | false | false
    end

    with_them do
      before do
        stub_application_setting(require_two_factor_authentication: instance_level_enabled)
        allow(user).to receive(:require_two_factor_authentication_from_group?).and_return(group_level_enabled)
      end

      it { is_expected.to eq(should_be_required) }
    end
  end

  describe '#current_user_needs_to_setup_two_factor?' do
    it 'returns false when current_user is nil' do
      expect(described_class.new(nil).current_user_needs_to_setup_two_factor?).to be_falsey
    end

    it 'returns false when current_user does not have temp email' do
      allow(user).to receive(:two_factor_enabled?).and_return(false)
      allow(user).to receive(:temp_oauth_email?).and_return(true)

      expect(subject.current_user_needs_to_setup_two_factor?).to be_falsey
    end

    it 'returns false when current_user has 2fa disabled' do
      allow(user).to receive(:temp_oauth_email?).and_return(false)
      allow(user).to receive(:two_factor_enabled?).and_return(true)

      expect(subject.current_user_needs_to_setup_two_factor?).to be_falsey
    end

    it 'returns true when user requires 2fa authentication' do
      allow(user).to receive(:two_factor_enabled?).and_return(false)
      allow(user).to receive(:temp_oauth_email?).and_return(false)

      expect(subject.current_user_needs_to_setup_two_factor?).to be_truthy
    end
  end

  describe '#two_factor_grace_period' do
    it 'returns grace period from settings if there is no period from groups' do
      stub_application_setting two_factor_grace_period: 2
      allow(user).to receive(:require_two_factor_authentication_from_group?).and_return(false)

      expect(subject.two_factor_grace_period).to eq(2)
    end

    it 'returns grace period from groups if there is no period from settings' do
      allow(user).to receive(:require_two_factor_authentication_from_group?).and_return(true)
      allow(user).to receive(:two_factor_grace_period).and_return(3)

      expect(subject.two_factor_grace_period).to eq(3)
    end

    it 'returns minimal grace period if there is grace period from settings and from group' do
      allow(user).to receive(:require_two_factor_authentication_from_group?).and_return(true)
      allow(user).to receive(:two_factor_grace_period).and_return(3)
      stub_application_setting two_factor_grace_period: 2

      expect(subject.two_factor_grace_period).to eq(2)
    end
  end

  describe '#two_factor_grace_period_expired?' do
    it 'returns true if the grace period has expired' do
      stub_application_setting two_factor_grace_period: 0

      expect(subject.two_factor_grace_period_expired?).to be_truthy
    end

    it 'returns false if the grace period has not expired' do
      stub_application_setting two_factor_grace_period: 1.month.in_hours

      expect(subject.two_factor_grace_period_expired?).to be_falsey
    end

    context 'when otp_grace_period_started_at is nil' do
      it 'returns false' do
        user.otp_grace_period_started_at = nil

        expect(subject.two_factor_grace_period_expired?).to be_falsey
      end
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 13:03:22 +0300