|
|
@ -194,60 +194,49 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when creation succeeds' do
|
|
|
|
it 'adds a new credential to user credentials and does not change webauthn_id when creation succeeds', :aggregate_failures do
|
|
|
|
it 'adds a new credential to user credentials and does not change webauthn_id', :aggregate_failures do
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect do
|
|
|
|
expect do
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(1)
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(1)
|
|
|
|
.and not_change(user, :webauthn_id)
|
|
|
|
.and not_change(user, :webauthn_id)
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when the nickname is already used' do
|
|
|
|
it 'fails when the nickname is already used' do
|
|
|
|
it 'fails' do
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when the credential already exists' do
|
|
|
|
it 'fails when the credential already exists' do
|
|
|
|
before do
|
|
|
|
public_key_credential = WebAuthn::Credential.from_create(new_webauthn_credential)
|
|
|
|
user2 = Fabricate(:user)
|
|
|
|
Fabricate(:webauthn_credential,
|
|
|
|
public_key_credential = WebAuthn::Credential.from_create(new_webauthn_credential)
|
|
|
|
user_id: Fabricate(:user).id,
|
|
|
|
Fabricate(:webauthn_credential,
|
|
|
|
external_id: public_key_credential.id,
|
|
|
|
user_id: user2.id,
|
|
|
|
public_key: public_key_credential.public_key)
|
|
|
|
external_id: public_key_credential.id,
|
|
|
|
|
|
|
|
public_key: public_key_credential.public_key)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it 'fails' do
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
expect(flash[:error]).to be_present
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when user have not enabled webauthn' do
|
|
|
|
context 'when user have not enabled webauthn and creation succeeds' do
|
|
|
|
context 'when creation succeeds' do
|
|
|
|
it 'creates a webauthn credential' do
|
|
|
|
it 'creates a webauthn credential' do
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
controller.session[:webauthn_challenge] = challenge
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect do
|
|
|
|
expect do
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(1)
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(1)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
@ -292,15 +281,13 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
add_webauthn_credential(user)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
context 'when deletion succeeds' do
|
|
|
|
it 'redirects to 2FA methods list and shows flash success and deletes the credential when deletion succeeds', :aggregate_failures do
|
|
|
|
it 'redirects to 2FA methods list and shows flash success and deletes the credential', :aggregate_failures do
|
|
|
|
expect do
|
|
|
|
expect do
|
|
|
|
delete :destroy, params: { id: user.webauthn_credentials.take.id }
|
|
|
|
delete :destroy, params: { id: user.webauthn_credentials.take.id }
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(-1)
|
|
|
|
end.to change { user.webauthn_credentials.count }.by(-1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(response).to redirect_to settings_two_factor_authentication_methods_path
|
|
|
|
expect(response).to redirect_to settings_two_factor_authentication_methods_path
|
|
|
|
expect(flash[:success]).to be_present
|
|
|
|
expect(flash[:success]).to be_present
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
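Review bot: The two failure examples in the first hunk ('fails when the nickname is already used' and 'fails when the credential already exists') assert only the 422 status and `flash[:error]`, so they would still pass if the controller persisted the credential before rendering the error. That gap matters most in the already-exists case, where the `external_id` is registered to a different user and the spec should pin that nothing is attached to the signed-in account. Wrapping the request as `expect { post :create, params: { credential: new_webauthn_credential, nickname: nickname } }.not_to change { user.webauthn_credentials.count }` would cover it, mirroring the `change { user.webauthn_credentials.count }.by(1)` check in the success example. The `+`/`-` markers are lost on this page, but neither variant of these examples shows such an assertion, so the point holds whichever side is new; the header counts (60 old lines, 49 new) suggest the flattened examples are the new side.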