From d51c3ac08753912f58391f1240497e83b10e3076 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Fourn=C3=A8s?= Date: Mon, 26 Feb 2024 17:09:40 +0100 Subject: [PATCH] Add a missing spec to `SessionsController#webauthn_options` (#29277) --- .../auth/sessions_controller_spec.rb | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb index 7adafc6f14..e78554ec7d 100644 --- a/spec/controllers/auth/sessions_controller_spec.rb +++ b/spec/controllers/auth/sessions_controller_spec.rb @@ -414,15 +414,17 @@ RSpec.describe Auth::SessionsController do end describe 'GET #webauthn_options' do + subject { get :webauthn_options, session: { attempt_user_id: user.id } } + + let!(:user) do + Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32)) + end + context 'with WebAuthn and OTP enabled as second factor' do let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" } let(:fake_client) { WebAuthn::FakeClient.new(domain) } - let!(:user) do - Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32)) - end - before do user.update(webauthn_id: WebAuthn.generate_user_id) public_key_credential = WebAuthn::Credential.from_create(fake_client.create) @@ -436,9 +438,18 @@ RSpec.describe Auth::SessionsController do end it 'returns http success' do - get :webauthn_options + subject + expect(response).to have_http_status 200 end end + + context 'when WebAuthn not enabled' do + it 'returns http unauthorized' do + subject + + expect(response).to have_http_status 401 + end + end end end