author | Robert Speicher <robert@gitlab.com> | 2016-08-24 23:45:32 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-08-24 23:45:32 +0000 |
commit | 6fb46b604e4feebcbaa92d3d44d7616be709c0e5 (patch) | |
tree | b9388714a34dfb2aec72f71ab158a93a85bbc817 /spec/requests | |
parent | 9ea01f32fe4355179da6082742b6ad06f9603388 (diff) | |
parent | bba85773519e972d036a933b1f054b6c76050c5f (diff) | |
download | gitlab-ce-6fb46b604e4feebcbaa92d3d44d7616be709c0e5.tar.gz |
Merge branch 'internal_recovery_api' into 'master'
Add internal API to recovery 2FA
## What does this MR do?
Add an internal API to make SSH 2FA recovery possible. Related to gitlab-org/gitlab-shell!74
See merge request !5510
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/internal_spec.rb | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index be52f88831f..5d06abcfeb3 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -38,6 +38,68 @@ describe API::API, api: true do
 end
 end
 
+ describe 'GET /internal/two_factor_recovery_codes' do
+ it 'returns an error message when the key does not exist' do
+ post api('/internal/two_factor_recovery_codes'),
+ secret_token: secret_token,
+ key_id: 12345
+
+ expect(response).to have_http_status(404)
+ expect(json_response['message']).to eq('404 Not found')
+ end
+
+ it 'returns an error message when the key is a deploy key' do
+ deploy_key = create(:deploy_key)
+
+ post api('/internal/two_factor_recovery_codes'),
+ secret_token: secret_token,
+ key_id: deploy_key.id
+
+ expect(json_response['success']).to be_falsey
+ expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes')
+ end
+
+ it 'returns an error message when the user does not exist' do
+ key_without_user = create(:key, user: nil)
+
+ post api('/internal/two_factor_recovery_codes'),
+ secret_token: secret_token,
+ key_id: key_without_user.id
+
+ expect(json_response['success']).to be_falsey
+ expect(json_response['message']).to eq('Could not find a user for the given key')
+ expect(json_response['recovery_codes']).to be_nil
+ end
+
+ context 'when two-factor is enabled' do
+ it 'returns new recovery codes when the user exists' do
+ allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
+ allow_any_instance_of(User)
+ .to receive(:generate_otp_backup_codes!).and_return(%w(119135e5a3ebce8e 34bd7b74adbc8861))
+
+ post api('/internal/two_factor_recovery_codes'),
+ secret_token: secret_token,
+ key_id: key.id
+
+ expect(json_response['success']).to be_truthy
+ expect(json_response['recovery_codes']).to match_array(%w(119135e5a3ebce8e 34bd7b74adbc8861))
+ end
+ end
+
+ context 'when two-factor is not enabled' do
+ it 'returns an error message' do
+ allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false)
+
+ post api('/internal/two_factor_recovery_codes'),
+ secret_token: secret_token,
+ key_id: key.id
+
+ expect(json_response['success']).to be_falsey
+ expect(json_response['recovery_codes']).to be_nil
+ end
+ end
+ end
+
 describe "GET /internal/discover" do
 it do
 get(api("/internal/discover"), key_id: key.id, secret_token: secret_token) |
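Review bot: The describe label reads `GET /internal/two_factor_recovery_codes`, but every example in the block issues `post api('/internal/two_factor_recovery_codes')`; relabelling it `describe 'POST /internal/two_factor_recovery_codes' do` would document that the call is state-changing, since it returns newly generated recovery codes. The deploy-key example asserts only `success` and `message`; adding `expect(json_response['recovery_codes']).to be_nil`, as the missing-user example does, would pin that no codes are returned on that path. In the 'two-factor is not enabled' example, `expect_any_instance_of(User).not_to receive(:generate_otp_backup_codes!)` placed before the request would catch a regression that regenerates codes without returning them. No example in the hunk sends a missing or wrong `secret_token`; that may already be covered in the enclosing `describe API::API` block, which starts outside this hunk and is where `key` and `secret_token` come from.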