Convert `settings/two_factor_authentication_methods` spec controller->system/request (#33914)

2025-02-13 05:50:04 -05:00 · 2025-02-13 05:50:04 -05:00 · 8f1b41622b
parent 62dc303d3c
commit 8f1b41622b
3 changed files with 76 additions and 79 deletions
--- a/spec/controllers/settings/two_factor_authentication_methods_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication_methods_controller_spec.rb
@ -1,79 +0,0 @@
 # frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe Settings::TwoFactorAuthenticationMethodsController do
  render_views
  context 'when not signed in' do
    describe 'GET to #index' do
      it 'redirects' do
        get :index
        expect(response).to redirect_to '/auth/sign_in'
      end
    end
  end
  context 'when signed in' do
    let(:user) { Fabricate(:user) }
    before do
      sign_in user, scope: :user
    end
    describe 'GET #index' do
      describe 'when user has enabled otp' do
        before do
          user.update(otp_required_for_login: true)
          get :index
        end
        it 'returns http success with private cache control headers', :aggregate_failures do
          expect(response).to have_http_status(200)
          expect(response.headers['Cache-Control']).to include('private, no-store')
        end
      end
      describe 'when user has not enabled otp' do
        before do
          user.update(otp_required_for_login: false)
          get :index
        end
        it 'redirects to enable otp' do
          expect(response).to redirect_to(settings_otp_authentication_path)
        end
      end
    end
    describe 'POST to #disable' do
      before do
        user.update(otp_required_for_login: true)
      end
      context 'when user has not passed challenge' do
        it 'renders challenge page' do
          post :disable
          expect(response).to have_http_status(200)
          expect(response).to render_template('auth/challenges/new')
        end
      end
      context 'when user has passed challenge' do
        before do
          mailer = instance_double(ApplicationMailer::MessageDelivery, deliver_later!: true)
          allow(UserMailer).to receive(:two_factor_disabled).with(user).and_return(mailer)
        end
        it 'redirects to settings page' do
          post :disable, session: { challenge_passed_at: 10.minutes.ago }
          expect(UserMailer).to have_received(:two_factor_disabled).with(user)
          expect(response).to redirect_to(settings_otp_authentication_path)
        end
      end
    end
  end
 end
--- a/spec/requests/settings/two_factor_authentication_methods_spec.rb
+++ b/spec/requests/settings/two_factor_authentication_methods_spec.rb
@ -0,0 +1,35 @@
 # frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Settings TwoFactorAuthenticationMethods' do
  context 'when not signed in' do
    describe 'GET to /settings/two_factor_authentication_methods' do
      it 'redirects to sign in page' do
        get settings_two_factor_authentication_methods_path
        expect(response)
          .to redirect_to(new_user_session_path)
      end
    end
  end
  context 'when signed in' do
    let(:user) { Fabricate(:user) }
    before { sign_in user }
    describe 'GET to /settings/two_factor_authentication_methods' do
      describe 'when user has not enabled otp' do
        before { user.update(otp_required_for_login: false) }
        it 'redirects to enable otp' do
          get settings_two_factor_authentication_methods_path
          expect(response)
            .to redirect_to(settings_otp_authentication_path)
        end
      end
    end
  end
 end
--- a/spec/system/settings/two_factor_authentication_methods_spec.rb
+++ b/spec/system/settings/two_factor_authentication_methods_spec.rb
@ -0,0 +1,41 @@
 # frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Settings TwoFactorAuthenticationMethods' do
  context 'when signed in' do
    let(:user) { Fabricate(:user) }
    before { sign_in user }
    describe 'Managing 2FA methods' do
      before { user.update(otp_required_for_login: true) }
      it 'disables 2FA with challenge confirmation', :inline_jobs do
        visit settings_two_factor_authentication_methods_path
        expect(page)
          .to have_content(I18n.t('settings.two_factor_authentication'))
          .and have_private_cache_control
        # Attempt to disable
        click_on I18n.t('two_factor_authentication.disable')
        expect(page)
          .to have_title(I18n.t('challenge.prompt'))
        # Fill in challenge form
        fill_in 'form_challenge_current_password', with: user.password
        emails = capture_emails do
          expect { click_on I18n.t('challenge.confirm') }
            .to change { user.reload.otp_required_for_login }.to(false)
        end
        expect(page)
          .to have_content(I18n.t('two_factor_authentication.disabled_success'))
        expect(emails.first)
          .to be_present
          .and(deliver_to(user.email))
          .and(have_subject(I18n.t('devise.mailer.two_factor_disabled.subject')))
      end
    end
  end
 end