|
|
|
|
@ -194,8 +194,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when creation succeeds' do
|
|
|
|
|
it 'adds a new credential to user credentials and does not change webauthn_id', :aggregate_failures do
|
|
|
|
|
it 'adds a new credential to user credentials and does not change webauthn_id when creation succeeds', :aggregate_failures do
|
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
expect do
|
|
|
|
|
@ -205,10 +204,8 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when the nickname is already used' do
|
|
|
|
|
it 'fails' do
|
|
|
|
|
it 'fails when the nickname is already used' do
|
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
|
|
|
|
|
@ -216,19 +213,14 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when the credential already exists' do
|
|
|
|
|
before do
|
|
|
|
|
user2 = Fabricate(:user)
|
|
|
|
|
it 'fails when the credential already exists' do
|
|
|
|
|
public_key_credential = WebAuthn::Credential.from_create(new_webauthn_credential)
|
|
|
|
|
Fabricate(:webauthn_credential,
|
|
|
|
|
user_id: user2.id,
|
|
|
|
|
user_id: Fabricate(:user).id,
|
|
|
|
|
external_id: public_key_credential.id,
|
|
|
|
|
public_key: public_key_credential.public_key)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'fails' do
|
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
|
@ -237,10 +229,8 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when user have not enabled webauthn' do
|
|
|
|
|
context 'when creation succeeds' do
|
|
|
|
|
context 'when user have not enabled webauthn and creation succeeds' do
|
|
|
|
|
it 'creates a webauthn credential' do
|
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
@ -250,7 +240,6 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when user has not enabled otp' do
|
|
|
|
|
before do
|
|
|
|
|
@ -292,8 +281,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when deletion succeeds' do
|
|
|
|
|
it 'redirects to 2FA methods list and shows flash success and deletes the credential', :aggregate_failures do
|
|
|
|
|
it 'redirects to 2FA methods list and shows flash success and deletes the credential when deletion succeeds', :aggregate_failures do
|
|
|
|
|
expect do
|
|
|
|
|
delete :destroy, params: { id: user.webauthn_credentials.take.id }
|
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(-1)
|
|
|
|
|
@ -302,7 +290,6 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
|
expect(flash[:success]).to be_present
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when user does not have webauthn enabled' do
|
|
|
|
|
it 'redirects to 2FA methods list and shows flash error' do
|
|
|
|
|
|
Matt Jankowski
11 months ago
committed by
GitHub