1 files changed, 35 insertions, 4 deletions

diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 2b61e0d4a85..cdec26bd421 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -53,21 +53,22 @@ describe SessionsController do
         include UserActivitiesHelpers
 
         let(:user) { create(:user) }
+        let(:user_params) { { login: user.username, password: user.password } }
 
         it 'authenticates user correctly' do
-          post(:create, user: { login: user.username, password: user.password })
+          post(:create, user: user_params)
 
           expect(subject.current_user). to eq user
         end
 
         it 'creates an audit log record' do
-          expect { post(:create, user: { login: user.username, password: user.password }) }.to change { SecurityEvent.count }.by(1)
+          expect { post(:create, user: user_params) }.to change { SecurityEvent.count }.by(1)
           expect(SecurityEvent.last.details[:with]).to eq('standard')
         end
 
         include_examples 'user login request with unique ip limit', 302 do
           def request
-            post(:create, user: { login: user.username, password: user.password })
+            post(:create, user: user_params)
             expect(subject.current_user).to eq user
             subject.sign_out user
           end
@@ -75,10 +76,40 @@ describe SessionsController do
 
         it 'updates the user activity' do
           expect do
-            post(:create, user: { login: user.username, password: user.password })
+            post(:create, user: user_params)
           end.to change { user_activity(user) }
         end
       end
+
+      context 'when reCAPTCHA is enabled' do
+        let(:user) { create(:user) }
+        let(:user_params) { { login: user.username, password: user.password } }
+
+        before do
+          stub_application_setting(recaptcha_enabled: true)
+          request.headers[described_class::CAPTCHA_HEADER] = 1
+        end
+
+        it 'displays an error when the reCAPTCHA is not solved' do
+          # Without this, `verify_recaptcha` arbitraily returns true in test env
+          Recaptcha.configuration.skip_verify_env.delete('test')
+
+          post(:create, user: user_params)
+
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
+          expect(subject.current_user).to be_nil
+        end
+
+        it 'successfully logs in a user when reCAPTCHA is solved' do
+          # Avoid test ordering issue and ensure `verify_recaptcha` returns true
+          Recaptcha.configuration.skip_verify_env << 'test'
+
+          post(:create, user: user_params)
+
+          expect(subject.current_user).to eq user
+        end
+      end
     end
 
     context 'when using two-factor authentication via OTP' do