Diffstat (limited to 'spec/lib/gitlab/auth/otp/strategies/forti_token_cloud_spec.rb')
-rw-r--r--spec/lib/gitlab/auth/otp/strategies/forti_token_cloud_spec.rb87
1 files changed, 87 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/otp/strategies/forti_token_cloud_spec.rb b/spec/lib/gitlab/auth/otp/strategies/forti_token_cloud_spec.rb
new file mode 100644
index 00000000000..1580fc82279
--- /dev/null
+++ b/spec/lib/gitlab/auth/otp/strategies/forti_token_cloud_spec.rb
@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Auth::Otp::Strategies::FortiTokenCloud do
+ let_it_be(:user) { create(:user) }
+ let(:otp_code) { 42 }
+
+ let(:url) { 'https://ftc.example.com:9696/api/v1' }
+ let(:client_id) { 'client_id' }
+ let(:client_secret) { 's3cr3t' }
+ let(:access_token_create_url) { url + '/login' }
+ let(:otp_verification_url) { url + '/auth' }
+ let(:access_token) { 'an_access_token' }
+ let(:access_token_create_response_body) { '' }
+
+ subject(:validate) { described_class.new(user).validate(otp_code) }
+
+ before do
+ stub_feature_flags(forti_token_cloud: user)
+
+ stub_const("#{described_class}::BASE_API_URL", url)
+
+ stub_forti_token_cloud_config(
+ enabled: true,
+ client_id: client_id,
+ client_secret: client_secret
+ )
+
+ access_token_request_body = { client_id: client_id,
+ client_secret: client_secret }
+
+ stub_request(:post, access_token_create_url)
+ .with(body: JSON(access_token_request_body), headers: { 'Content-Type' => 'application/json' })
+ .to_return(
+ status: access_token_create_response_status,
+ body: Gitlab::Json.generate(access_token_create_response_body),
+ headers: {}
+ )
+ end
+
+ context 'access token is created successfully' do
+ let(:access_token_create_response_body) { { access_token: access_token, expires_in: 3600 } }
+ let(:access_token_create_response_status) { 201 }
+
+ before do
+ otp_verification_request_body = { username: user.username,
+ token: otp_code }
+
+ stub_request(:post, otp_verification_url)
+ .with(body: JSON(otp_verification_request_body),
+ headers: {
+ 'Content-Type' => 'application/json',
+ 'Authorization' => "Bearer #{access_token}"
+ })
+ .to_return(status: otp_verification_response_status, body: '', headers: {})
+ end
+
+ context 'otp verification is successful' do
+ let(:otp_verification_response_status) { 200 }
+
+ it 'returns success' do
+ expect(validate[:status]).to eq(:success)
+ end
+ end
+
+ context 'otp verification is not successful' do
+ let(:otp_verification_response_status) { 401 }
+
+ it 'returns error' do
+ expect(validate[:status]).to eq(:error)
+ end
+ end
+ end
+
+ context 'access token creation fails' do
+ let(:access_token_create_response_status) { 400 }
+
+ it 'returns error' do
+ expect(validate[:status]).to eq(:error)
+ end
+ end
+
+ def stub_forti_token_cloud_config(forti_token_cloud_settings)
+ allow(::Gitlab.config.forti_token_cloud).to(receive_messages(forti_token_cloud_settings))
+ end
+end
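Review bot: The failure cases pin only a 401 from `/auth` and a 400 from `/login`, so nothing here proves the strategy fails closed on other outcomes of a second-factor check. Contexts for a 5xx from the verification endpoint and for a `/login` reply of 201 without an `access_token` would show that only an explicit 200 maps to `:success`; the strategy itself is not in this hunk, so how it treats those responses today is not visible. In 'access token creation fails' it is also worth asserting that `/auth` is never requested. Separately, `otp_code` is the integer `42`, whereas a code arriving from a form would presumably be a string and may carry leading zeros, so a string value such as `'123456'` would pin the JSON body more realistically.

```ruby
    # … unchanged: 'otp verification is successful' / 'is not successful' contexts …

    context 'otp verification endpoint returns a server error' do
      let(:otp_verification_response_status) { 500 }

      it 'returns error' do
        expect(validate[:status]).to eq(:error)
      end
    end

  # … unchanged: 'access token creation fails' context, with this example added …

    it 'does not call the verification endpoint' do
      validate

      expect(WebMock).not_to have_requested(:post, otp_verification_url)
    end
```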