Convert controller spec for security_key_options endpoint to request spec (#31938)

This commit is contained in:
Matt Jankowski 2024-09-18 05:42:36 -04:00 committed by GitHub
parent 6f836c45aa
commit bf8eaaa9a5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 50 additions and 40 deletions

View file

@ -412,44 +412,4 @@ RSpec.describe Auth::SessionsController do
end end
end end
end end
describe 'GET #webauthn_options' do
subject { get :webauthn_options, session: { attempt_user_id: user.id } }
let!(:user) do
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
end
context 'with WebAuthn and OTP enabled as second factor' do
let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
let(:fake_client) { WebAuthn::FakeClient.new(domain) }
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
user.webauthn_credentials.create(
nickname: 'SecurityKeyNickname',
external_id: public_key_credential.id,
public_key: public_key_credential.public_key,
sign_count: '1000'
)
post :create, params: { user: { email: user.email, password: user.password } }
end
it 'returns http success' do
subject
expect(response).to have_http_status 200
end
end
context 'when WebAuthn not enabled' do
it 'returns http unauthorized' do
subject
expect(response).to have_http_status 401
end
end
end
end end

View file

@ -0,0 +1,50 @@
# frozen_string_literal: true
require 'rails_helper'
require 'webauthn/fake_client'
RSpec.describe 'Security Key Options' do
describe 'GET /auth/sessions/security_key_options' do
let!(:user) do
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
end
context 'with WebAuthn and OTP enabled as second factor' do
let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
let(:fake_client) { WebAuthn::FakeClient.new(domain) }
let(:public_key_credential) { WebAuthn::Credential.from_create(fake_client.create) }
before do
user.update(webauthn_id: WebAuthn.generate_user_id)
Fabricate(
:webauthn_credential,
user_id: user.id,
external_id: public_key_credential.id,
public_key: public_key_credential.public_key
)
post '/auth/sign_in', params: { user: { email: user.email, password: user.password } }
end
it 'returns http success' do
get '/auth/sessions/security_key_options'
expect(response)
.to have_http_status 200
expect(response.content_type)
.to start_with('application/json')
end
end
context 'when WebAuthn not enabled' do
it 'returns http unauthorized' do
get '/auth/sessions/security_key_options'
expect(response)
.to have_http_status 401
expect(response.content_type)
.to start_with('application/json')
end
end
end
end