diff options
Diffstat (limited to 'spec/controllers/admin/sessions_controller_spec.rb')
-rw-r--r-- | spec/controllers/admin/sessions_controller_spec.rb | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/spec/controllers/admin/sessions_controller_spec.rb b/spec/controllers/admin/sessions_controller_spec.rb index 82366cc6952..35982e57034 100644 --- a/spec/controllers/admin/sessions_controller_spec.rb +++ b/spec/controllers/admin/sessions_controller_spec.rb @@ -220,10 +220,8 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do end end - context 'when using two-factor authentication via U2F' do - let(:user) { create(:admin, :two_factor_via_u2f) } - - def authenticate_2fa_u2f(user_params) + shared_examples 'when using two-factor authentication via hardware device' do + def authenticate_2fa(user_params) post(:create, params: { user: user_params }, session: { otp_user_id: user.id }) end @@ -239,14 +237,18 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do end it 'can login with valid auth' do + # we can stub both without an differentiation between webauthn / u2f + # as these not interfere with each other und this saves us passing aroud + # parameters allow(U2fRegistration).to receive(:authenticate).and_return(true) + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(true) expect(controller.current_user_mode.admin_mode?).to be(false) controller.store_location_for(:redirect, admin_root_path) controller.current_user_mode.request_admin_mode! - authenticate_2fa_u2f(login: user.username, device_response: '{}') + authenticate_2fa(login: user.username, device_response: '{}') expect(response).to redirect_to admin_root_path expect(controller.current_user_mode.admin_mode?).to be(true) @@ -254,16 +256,33 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do it 'cannot login with invalid auth' do allow(U2fRegistration).to receive(:authenticate).and_return(false) + allow_any_instance_of(Webauthn::AuthenticateService).to receive(:execute).and_return(false) expect(controller.current_user_mode.admin_mode?).to be(false) controller.current_user_mode.request_admin_mode! - authenticate_2fa_u2f(login: user.username, device_response: '{}') + authenticate_2fa(login: user.username, device_response: '{}') expect(response).to render_template('admin/sessions/two_factor') expect(controller.current_user_mode.admin_mode?).to be(false) end end + + context 'when using two-factor authentication via U2F' do + it_behaves_like 'when using two-factor authentication via hardware device' do + let(:user) { create(:admin, :two_factor_via_u2f) } + + before do + stub_feature_flags(webauthn: false) + end + end + end + + context 'when using two-factor authentication via WebAuthn' do + it_behaves_like 'when using two-factor authentication via hardware device' do + let(:user) { create(:admin, :two_factor_via_webauthn) } + end + end end end |