Diffstat (limited to 'spec/models')
-rw-r--r-- | spec/models/authentication_event_spec.rb | 27 | ||||
-rw-r--r-- | spec/models/concerns/require_email_verification_spec.rb | 103 |
2 files changed, 130 insertions, 0 deletions
diff --git a/spec/models/authentication_event_spec.rb b/spec/models/authentication_event_spec.rb
index 83598fa6765..23e253c2a28 100644
--- a/spec/models/authentication_event_spec.rb
+++ b/spec/models/authentication_event_spec.rb
@@ -44,4 +44,31 @@ RSpec.describe AuthenticationEvent do
 expect(described_class.providers).to match_array %w(ldapmain google_oauth2 standard two-factor two-factor-via-u2f-device two-factor-via-webauthn-device)
 end
 end
+
+ describe '.initial_login_or_known_ip_address?' do
+ let_it_be(:user) { create(:user) }
+ let_it_be(:ip_address) { '127.0.0.1' }
+
+ subject { described_class.initial_login_or_known_ip_address?(user, ip_address) }
+
+ context 'on first login, when no record exists yet' do
+ it { is_expected.to eq(true) }
+ end
+
+ context 'on second login from the same ip address' do
+ before do
+ create(:authentication_event, :successful, user: user, ip_address: ip_address)
+ end
+
+ it { is_expected.to eq(true) }
+ end
+
+ context 'on second login from another ip address' do
+ before do
+ create(:authentication_event, :successful, user: user, ip_address: '1.2.3.4')
+ end
+
+ it { is_expected.to eq(false) }
+ end
+ end
 end
diff --git a/spec/models/concerns/require_email_verification_spec.rb b/spec/models/concerns/require_email_verification_spec.rb
new file mode 100644
index 00000000000..66e35563c7f
--- /dev/null
+++ b/spec/models/concerns/require_email_verification_spec.rb
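Review bot: The new contexts under `.initial_login_or_known_ip_address?` only ever create `:successful` events for the same `user`, so nothing pins how the predicate treats a failed attempt from `ip_address` or another user's login from it. The implementation is not visible here, but if this check decides whether a login needs extra verification, a failed attempt from an address should presumably not make that address known. Consider a context that creates a successful event from `'1.2.3.4'` plus a failed-result event from `ip_address` and expects `eq(false)`, and a second one where the event from `ip_address` belongs to a different user. The enclosing `RSpec.describe AuthenticationEvent` block starts outside the hunk.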
@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe RequireEmailVerification do
+ let_it_be(:model) do
+ Class.new(ApplicationRecord) do
+ self.table_name = 'users'
+
+ devise :lockable
+
+ include RequireEmailVerification
+ end
+ end
+
+ using RSpec::Parameterized::TableSyntax
+
+ where(:feature_flag_enabled, :two_factor_enabled, :overridden) do
+ false | false | false
+ false | true | false
+ true | false | true
+ true | true | false
+ end
+
+ with_them do
+ let(:instance) { model.new }
+
+ before do
+ stub_feature_flags(require_email_verification: feature_flag_enabled)
+ allow(instance).to receive(:two_factor_enabled?).and_return(two_factor_enabled)
+ end
+
+ describe '#lock_access!' do
+ subject { instance.lock_access! }
+
+ before do
+ allow(instance).to receive(:save)
+ end
+
+ it 'sends Devise unlock instructions unless overridden and always sets locked_at' do
+ expect(instance).to receive(:send_unlock_instructions).exactly(overridden ? 0 : 1).times
+
+ expect { subject }.to change { instance.locked_at }.from(nil)
+ end
+ end
+
+ describe '#attempts_exceeded?' do
+ subject { instance.send(:attempts_exceeded?) }
+
+ context 'when failed_attempts is LT overridden amount' do
+ before do
+ instance.failed_attempts = 5
+ end
+
+ it { is_expected.to eq(false) }
+ end
+
+ context 'when failed_attempts is GTE overridden amount but LT Devise default amount' do
+ before do
+ instance.failed_attempts = 6
+ end
+
+ it { is_expected.to eq(overridden) }
+ end
+
+ context 'when failed_attempts is GTE Devise default amount' do
+ before do
+ instance.failed_attempts = 10
+ end
+
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ describe '#lock_expired?' do
+ subject { instance.send(:lock_expired?) }
+
+ context 'when locked shorter ago than Devise default time' do
+ before do
+ instance.locked_at = 9.minutes.ago
+ end
+
+ it { is_expected.to eq(false) }
+ end
+
+ context 'when locked longer ago than Devise default time but shorter ago than overriden time' do
+ before do
+ instance.locked_at = 11.minutes.ago
+ end
+
+ it { is_expected.to eq(!overridden) }
+ end
+
+ context 'when locked longer ago than overriden time' do
+ before do
+ instance.locked_at = (24.hours + 1.minute).ago
+ end
+
+ it { is_expected.to eq(true) }
+ end
+ end
+ end
+end |
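Review bot: The upper edge of the overridden unlock window in `#lock_expired?` is only probed from above with `(24.hours + 1.minute).ago`, so an override that released locks far earlier than 24 hours would still pass as long as it held past 11 minutes. A context setting `instance.locked_at = (24.hours - 1.minute).ago` and expecting `eq(!overridden)` would pin that edge of the lockout. The literals 5/6/10 and 9/11 minutes also encode the Devise defaults and the override thresholds without naming them; a short comment such as `# assumes Devise maximum_attempts = 10 and unlock_in = 10.minutes in the test config`, or references to the concern's constants if it exposes any, would keep the spec from drifting silently when those values change. The context titles spell "overriden" where the table column is `overridden`.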