.circleci
.github
app
bin
chart
config
db
dist
lib
log
nanobox
public
spec
controllers
activitypub
admin
api
auth
concerns
account_controller_concern_spec.rb
accountable_concern_spec.rb
challengable_concern_spec.rb
export_controller_concern_spec.rb
localized_spec.rb
rate_limit_headers_spec.rb
signature_verification_spec.rb
user_tracking_concern_spec.rb
oauth
settings
well_known
about_controller_spec.rb
account_follow_controller_spec.rb
account_unfollow_controller_spec.rb
accounts_controller_spec.rb
application_controller_spec.rb
authorize_interactions_controller_spec.rb
emojis_controller_spec.rb
follower_accounts_controller_spec.rb
following_accounts_controller_spec.rb
home_controller_spec.rb
intents_controller_spec.rb
invites_controller_spec.rb
manifests_controller_spec.rb
media_controller_spec.rb
media_proxy_controller_spec.rb
relationships_controller_spec.rb
remote_follow_controller_spec.rb
remote_interaction_controller_spec.rb
shares_controller_spec.rb
statuses_controller_spec.rb
tags_controller_spec.rb
fabricators
features
fixtures
helpers
lib
mailers
models
policies
presenters
requests
routing
serializers
services
support
validators
views
workers
rails_helper.rb
spec_helper.rb
streaming
vendor
.buildpacks
.codeclimate.yml
.dockerignore
.editorconfig
.env.nanobox
.env.production.sample
.env.test
.env.vagrant
.eslintignore
.eslintrc.js
.foreman
.gitattributes
.gitignore
.haml-lint.yml
.nanoignore
.nvmrc
.profile
.rspec
.rubocop.yml
.ruby-version
.sass-lint.yml
.slugignore
.yarnclean
AUTHORS.md
Aptfile
CHANGELOG.md
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Capfile
Dockerfile
Gemfile
Gemfile.lock
LICENSE
Procfile
Procfile.dev
README.md
Rakefile
SECURITY.md
Vagrantfile
app.json
babel.config.js
boxfile.yml
config.ru
crowdin.yml
docker-compose.yml
ide-helper.js
package.json
postcss.config.js
priv-config
scalingo.json
yarn.lock
115 lines
2.5 KiB
Ruby
115 lines
2.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
RSpec.describe ChallengableConcern, type: :controller do
|
|
controller(ApplicationController) do
|
|
include ChallengableConcern
|
|
|
|
before_action :require_challenge!
|
|
|
|
def foo
|
|
render plain: 'foo'
|
|
end
|
|
|
|
def bar
|
|
render plain: 'bar'
|
|
end
|
|
end
|
|
|
|
before do
|
|
routes.draw do
|
|
get 'foo' => 'anonymous#foo'
|
|
post 'bar' => 'anonymous#bar'
|
|
end
|
|
end
|
|
|
|
context 'with a no-password user' do
|
|
let(:user) { Fabricate(:user, external: true, password: nil) }
|
|
|
|
before do
|
|
sign_in user
|
|
end
|
|
|
|
context 'for GET requests' do
|
|
before { get :foo }
|
|
|
|
it 'does not ask for password' do
|
|
expect(response.body).to eq 'foo'
|
|
end
|
|
end
|
|
|
|
context 'for POST requests' do
|
|
before { post :bar }
|
|
|
|
it 'does not ask for password' do
|
|
expect(response.body).to eq 'bar'
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with recent challenge in session' do
|
|
let(:password) { 'foobar12345' }
|
|
let(:user) { Fabricate(:user, password: password) }
|
|
|
|
before do
|
|
sign_in user
|
|
end
|
|
|
|
context 'for GET requests' do
|
|
before { get :foo, session: { challenge_passed_at: Time.now.utc } }
|
|
|
|
it 'does not ask for password' do
|
|
expect(response.body).to eq 'foo'
|
|
end
|
|
end
|
|
|
|
context 'for POST requests' do
|
|
before { post :bar, session: { challenge_passed_at: Time.now.utc } }
|
|
|
|
it 'does not ask for password' do
|
|
expect(response.body).to eq 'bar'
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with a password user' do
|
|
let(:password) { 'foobar12345' }
|
|
let(:user) { Fabricate(:user, password: password) }
|
|
|
|
before do
|
|
sign_in user
|
|
end
|
|
|
|
context 'for GET requests' do
|
|
before { get :foo }
|
|
|
|
it 'renders challenge' do
|
|
expect(response).to render_template('auth/challenges/new')
|
|
end
|
|
|
|
# See Auth::ChallengesControllerSpec
|
|
end
|
|
|
|
context 'for POST requests' do
|
|
before { post :bar }
|
|
|
|
it 'renders challenge' do
|
|
expect(response).to render_template('auth/challenges/new')
|
|
end
|
|
|
|
it 'accepts correct password' do
|
|
post :bar, params: { form_challenge: { current_password: password } }
|
|
expect(response.body).to eq 'bar'
|
|
expect(session[:challenge_passed_at]).to_not be_nil
|
|
end
|
|
|
|
it 'rejects wrong password' do
|
|
post :bar, params: { form_challenge: { current_password: 'dddfff888123' } }
|
|
expect(response.body).to render_template('auth/challenges/new')
|
|
expect(session[:challenge_passed_at]).to be_nil
|
|
end
|
|
end
|
|
end
|
|
end
|