abunchtell
/
mastodon
1
0
Fork 0
Code Issues 0 Activity
The code powering m.abunchtell.com https://m.abunchtell.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7854 Commits
1 Branch
94 MiB
 
 
 
 
Tree: e1066cd431
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e1066cd431'
${ noResults }
mastodon/spec/controllers/concerns/challengable_concern_spec.rb

115 lines
2.5 KiB
Raw Blame History 

  1. # frozen_string_literal: true

  2. 

  3. require 'rails_helper'

  4. 

  5. RSpec.describe ChallengableConcern, type: :controller do

  6.   controller(ApplicationController) do

  7.     include ChallengableConcern

  8. 

  9.     before_action :require_challenge!

  10. 

  11.     def foo

  12.       render plain: 'foo'

  13.     end

  14. 

  15.     def bar

  16.       render plain: 'bar'

  17.     end

  18.   end

  19. 

  20.   before do

  21.     routes.draw do

  22.       get  'foo' => 'anonymous#foo'

  23.       post 'bar' => 'anonymous#bar'

  24.     end

  25.   end

  26. 

  27.   context 'with a no-password user' do

  28.     let(:user) { Fabricate(:user, external: true, password: nil) }

  29. 

  30.     before do

  31.       sign_in user

  32.     end

  33. 

  34.     context 'for GET requests' do

  35.       before { get :foo }

  36. 

  37.       it 'does not ask for password' do

  38.         expect(response.body).to eq 'foo'

  39.       end

  40.     end

  41. 

  42.     context 'for POST requests' do

  43.       before { post :bar }

  44. 

  45.       it 'does not ask for password' do

  46.         expect(response.body).to eq 'bar'

  47.       end

  48.     end

  49.   end

  50. 

  51.   context 'with recent challenge in session' do

  52.     let(:password) { 'foobar12345' }

  53.     let(:user) { Fabricate(:user, password: password) }

  54. 

  55.     before do

  56.       sign_in user

  57.     end

  58. 

  59.     context 'for GET requests' do

  60.       before { get :foo, session: { challenge_passed_at: Time.now.utc } }

  61. 

  62.       it 'does not ask for password' do

  63.         expect(response.body).to eq 'foo'

  64.       end

  65.     end

  66. 

  67.     context 'for POST requests' do

  68.       before { post :bar, session: { challenge_passed_at: Time.now.utc } }

  69. 

  70.       it 'does not ask for password' do

  71.         expect(response.body).to eq 'bar'

  72.       end

  73.     end

  74.   end

  75. 

  76.   context 'with a password user' do

  77.     let(:password) { 'foobar12345' }

  78.     let(:user) { Fabricate(:user, password: password) }

  79. 

  80.     before do

  81.       sign_in user

  82.     end

  83. 

  84.     context 'for GET requests' do

  85.       before { get :foo }

  86. 

  87.       it 'renders challenge' do

  88.         expect(response).to render_template('auth/challenges/new')

  89.       end

  90. 

  91.       # See Auth::ChallengesControllerSpec

  92.     end

  93. 

  94.     context 'for POST requests' do

  95.       before { post :bar }

  96. 

  97.       it 'renders challenge' do

  98.         expect(response).to render_template('auth/challenges/new')

  99.       end

  100. 

  101.       it 'accepts correct password' do

  102.         post :bar, params: { form_challenge: { current_password: password } }

  103.         expect(response.body).to eq 'bar'

  104.         expect(session[:challenge_passed_at]).to_not be_nil

  105.       end

  106. 

  107.       it 'rejects wrong password' do

  108.         post :bar, params: { form_challenge: { current_password: 'dddfff888123' } }

  109.         expect(response.body).to render_template('auth/challenges/new')

  110.         expect(session[:challenge_passed_at]).to be_nil

  111.       end

  112.     end

  113.   end

  114. end