diff options
Diffstat (limited to 'test/rubygems/test_gem_commands_owner_command.rb')
-rw-r--r-- | test/rubygems/test_gem_commands_owner_command.rb | 57 |
1 files changed, 49 insertions, 8 deletions
diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb index 8774862070..fc8c8cb1bd 100644 --- a/test/rubygems/test_gem_commands_owner_command.rb +++ b/test/rubygems/test_gem_commands_owner_command.rb @@ -362,10 +362,12 @@ EOF assert_equal "111111", @stub_fetcher.last_request["OTP"] end - def test_webauthn_otp_verified_success + def test_with_webauthn_enabled_success webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY" response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry." response_success = "Owner added successfully." + port = 5678 + server = TCPServer.new(port) @stub_fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK") @stub_fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners"] = [ @@ -373,15 +375,54 @@ EOF HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"), ] - @otp_ui = Gem::MockGemUi.new "111111\n" - use_ui @otp_ui do - @cmd.add_owners("freewill", ["user-new1@example.com"]) + TCPServer.stub(:new, server) do + Gem::WebauthnListener.stub(:wait_for_otp_code, "Uvh6T57tkWuUnWYo") do + use_ui @stub_ui do + @cmd.add_owners("freewill", ["user-new1@example.com"]) + end + end + ensure + server.close end - assert_match "You have enabled multi-factor authentication. Please enter OTP code from your security device by visiting #{webauthn_verification_url}", @otp_ui.output - assert_match "Code: ", @otp_ui.output - assert_match response_success, @otp_ui.output - assert_equal "111111", @stub_fetcher.last_request["OTP"] + url_with_port = "#{webauthn_verification_url}?port=#{port}" + assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device.", @stub_ui.output + assert_match "You are verified with a security device. You may close the browser window.", @stub_ui.output + assert_equal "Uvh6T57tkWuUnWYo", @stub_fetcher.last_request["OTP"] + assert_match response_success, @stub_ui.output + end + + def test_with_webauthn_enabled_failure + webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY" + response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry." + response_success = "Owner added successfully." + port = 5678 + server = TCPServer.new(port) + raise_error = ->(*_args) { raise Gem::WebauthnVerificationError, "Something went wrong" } + + @stub_fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK") + @stub_fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners"] = [ + HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"), + HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"), + ] + + error = assert_raise Gem::WebauthnVerificationError do + TCPServer.stub(:new, server) do + Gem::WebauthnListener.stub(:wait_for_otp_code, raise_error) do + use_ui @stub_ui do + @cmd.add_owners("freewill", ["user-new1@example.com"]) + end + end + ensure + server.close + end + end + assert_equal "Security device verification failed: Something went wrong", error.message + + url_with_port = "#{webauthn_verification_url}?port=#{port}" + assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device.", @stub_ui.output + refute_match "You are verified with a security device. You may close the browser window.", @stub_ui.output + refute_match response_success, @stub_ui.output end def test_remove_owners_unathorized_api_key |