Add a missing spec to `SessionsController#webauthn_options` (#29277)
This commit is contained in:
parent
c7555271a6
commit
d51c3ac087
|
@ -414,15 +414,17 @@ RSpec.describe Auth::SessionsController do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'GET #webauthn_options' do
|
describe 'GET #webauthn_options' do
|
||||||
|
subject { get :webauthn_options, session: { attempt_user_id: user.id } }
|
||||||
|
|
||||||
|
let!(:user) do
|
||||||
|
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
||||||
|
end
|
||||||
|
|
||||||
context 'with WebAuthn and OTP enabled as second factor' do
|
context 'with WebAuthn and OTP enabled as second factor' do
|
||||||
let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
|
let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
|
||||||
|
|
||||||
let(:fake_client) { WebAuthn::FakeClient.new(domain) }
|
let(:fake_client) { WebAuthn::FakeClient.new(domain) }
|
||||||
|
|
||||||
let!(:user) do
|
|
||||||
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
|
||||||
end
|
|
||||||
|
|
||||||
before do
|
before do
|
||||||
user.update(webauthn_id: WebAuthn.generate_user_id)
|
user.update(webauthn_id: WebAuthn.generate_user_id)
|
||||||
public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
|
public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
|
||||||
|
@ -436,9 +438,18 @@ RSpec.describe Auth::SessionsController do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns http success' do
|
it 'returns http success' do
|
||||||
get :webauthn_options
|
subject
|
||||||
|
|
||||||
expect(response).to have_http_status 200
|
expect(response).to have_http_status 200
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when WebAuthn not enabled' do
|
||||||
|
it 'returns http unauthorized' do
|
||||||
|
subject
|
||||||
|
|
||||||
|
expect(response).to have_http_status 401
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue