blob: 3b048ecbe24f64b3f0c3b4f40224153b82c14795 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# frozen_string_literal: true
module QA
RSpec.describe 'Manage', :requires_admin, :skip_live_env, :reliable do
describe '2FA', product_group: :system_access do
let(:owner_user) do
Resource::User.fabricate_via_api! do |usr|
usr.api_client = admin_api_client
end
end
let(:developer_user) do
Resource::User.fabricate_via_api! do |resource|
resource.api_client = admin_api_client
end
end
let(:sandbox_group) do
Resource::Sandbox.fabricate! do |sandbox_group|
sandbox_group.path = "gitlab-qa-2fa-recovery-sandbox-group-#{SecureRandom.hex(4)}"
sandbox_group.api_client = owner_api_client
end
end
let(:group) do
QA::Resource::Group.fabricate_via_api! do |group|
group.sandbox = sandbox_group
group.api_client = owner_api_client
group.require_two_factor_authentication = true
end
end
before do
group.add_member(developer_user, Resource::Members::AccessLevel::DEVELOPER)
end
it(
'allows using 2FA recovery code once only',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347937'
) do
recovery_code = enable_2fa_for_user_and_fetch_recovery_code(developer_user)
Flow::Login.sign_in(as: developer_user, skip_page_validation: true)
Page::Main::TwoFactorAuth.perform do |two_fa_auth|
two_fa_auth.set_2fa_code(recovery_code)
two_fa_auth.click_verify_code_button
end
expect(Page::Main::Menu.perform(&:signed_in?)).to be_truthy
Page::Main::Menu.perform(&:sign_out)
Flow::Login.sign_in(as: developer_user, skip_page_validation: true)
Page::Main::TwoFactorAuth.perform do |two_fa_auth|
two_fa_auth.set_2fa_code(recovery_code)
two_fa_auth.click_verify_code_button
end
expect(page).to have_text('Invalid two-factor code')
end
def admin_api_client
@admin_api_client ||= Runtime::API::Client.as_admin
end
def owner_api_client
@owner_api_client ||= Runtime::API::Client.new(:gitlab, user: owner_user)
end
def enable_2fa_for_user_and_fetch_recovery_code(user)
Flow::Login.while_signed_in(as: user) do
Page::Profile::TwoFactorAuth.perform do |two_fa_auth|
otp = QA::Support::OTP.new(two_fa_auth.otp_secret_content)
two_fa_auth.set_pin_code(otp.fresh_otp)
two_fa_auth.set_current_password(user.password)
two_fa_auth.click_register_2fa_app_button
recovery_code = two_fa_auth.recovery_codes.sample
two_fa_auth.click_copy_and_proceed
recovery_code
end
end
end
end
end
end
|
