Commit Graph

91 Commits (feature-starter-packs)

Author SHA1 Message Date
Matt Jankowski 7bd7705f59
Combine shared-setup examples across `spec/controllers/auth/*` specs (#32906) 1 month ago
Matt Jankowski df3b954720
Add `DomainHelpers` spec support module for DNS/MX stub (#32690) 2 months ago
David Roetzel e6cda8388c
Move OTP secret length to configuration (#32125) 3 months ago
Matt Jankowski bf8eaaa9a5
Convert controller spec for security_key_options endpoint to request spec (#31938) 3 months ago
Matt Jankowski 6b6a80b407
Remove `body_as_json` in favor of built-in `response.parsed_body` for JSON response specs (#31749) 4 months ago
Matt Jankowski e1b5f3fc6f
Use `response.parsed_body` for html response checks (#31750) 4 months ago
Matt Jankowski f1003b2560
Enable "zero monkey patching" mode in RSpec (#31614) 4 months ago
Matt Jankowski f1300ad284
Rename jobs/attachments rspec tag names (#29762) 6 months ago
Damien Mathieu 1540f42522
Better tests for auth/registrations#update (#29303) 10 months ago
Wolfgang Fournès d51c3ac087
Add a missing spec to `SessionsController#webauthn_options` (#29277) 10 months ago
Matt Jankowski 64f9939e39
Use `capture_emails` helper to improve email assertions in specs (#29245) 10 months ago
Matt Jankowski 3454fcbd71
Reduce round trips in auth/sessions spec (#29233) 10 months ago
Claire e2d9635074
Add notification email on invalid second authenticator (#28822) 11 months ago
Claire 3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level (#28801) 11 months ago
Claire e621c1c44c
Fix registrations not checking MX records for email domain blocks requiring approval (#28608) 12 months ago
Matt Jankowski 00341c70ff
Use Sidekiq `fake!` instead of `inline!` in specs (#25369) 12 months ago
Claire dfdadb92e8
Add ability to require approval when users sign up using specific email domains (#28468) 12 months ago
Matt Jankowski 513d35969e
Fix `RSpec/LetSetup` cop in auth controller specs (#28464) 1 year ago
Claire 6fed0fcbaa
Remove unneeded settings cleanup from specs (#28425) 1 year ago
Matt Jankowski b2c5b20ef2
Fix `RSpec/AnyInstance` cop (#27810) 1 year ago
Matt Jankowski 69d00e2721
Fix `RSpec/InstanceVariable` cop (#27766) 1 year ago
Matt Jankowski e545978076
Use framework helpers instead of i-vars in controller specs (#27767) 1 year ago
Matt Jankowski 2e6bf60f15
Use `deliveries.size` in mailer-related examples in controller specs (#27589) 1 year ago
Matt Jankowski 6c5a2233a8
Fix `RSpec/StubbedMock` cop (#25552)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
1 year ago
Matt Jankowski 05f9e39b32
Fix `RSpec/VerifiedDoubles` cop (#25469) 2 years ago
Matt Jankowski 6c0e3f490a
Fix RSpec/MissingExampleGroupArgument cop (#25310) 2 years ago
Matt Jankowski 0f2c16ac4b
Fix RSpec/NoExpectationExample cop (#25103) 2 years ago
Matt Jankowski 604e1c2b11
Remove usage of random sample values in specs (#24869) 2 years ago
Matt Jankowski a610a02d4f
Fix RSpec/ScatteredSetup cop (#24848) 2 years ago
Matt Jankowski c97b611b6b
Fix RSpec/InferredSpecType cop (#24736) 2 years ago
Matt Jankowski 710745e16b
Fix RSpec/ContextWording cop (#24739) 2 years ago
Matt Jankowski d00e45a7d3
Fix Rails/I18nLocaleAssignment cop (#24693) 2 years ago
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347) 2 years ago
Matt Jankowski 688287c59d
Coverage improvement round-out following up previous work (#23987) 2 years ago
Nick Schonning 84cc805cae
Enable Style/FrozenStringLiteralComment for specs (#23790) 2 years ago
Nick Schonning 5116347eb7
Autofix Rubocop RSpec/BeEq (#23740) 2 years ago
Nick Schonning 4552685f6b
Autofix Rubocop RSpec/LeadingSubject (#23670) 2 years ago
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules (#23717) 2 years ago
Nick Schonning 81ad6c2e39
Autofix Rubocop Style/StringLiterals (#23695) 2 years ago
Nick Schonning 634368c491
Autofix Rubocop Lint/SymbolConversion (#23683) 2 years ago
Nick Schonning 669f6d2c0a
Run rubocop formatting except line length (#23632) 2 years ago
Francis Murillo 5fb1c3e934
Revoke all authorized applications on password reset (#21325)
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset password controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
2 years ago
Claire 327eed0076
Fix suspicious sign-in mails never being sent (#18599)
* Add tests

* Fix suspicious sign-in mails never being sent
3 years ago
Eugen Rochko 6221b36b27
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970) 3 years ago
Claire e38fc319dc
Refactor and improve tests (#17386)
* Change account and user fabricators to simplify and improve tests

- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.

* Fix and refactor tests

- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code.
3 years ago
Eugen Rochko 8e84ebf0cb
Remove IP tracking columns from users table (#16409) 3 years ago
Claire 24f9ea7818
Fix webauthn secure key authentication (#16792)
* Add tests

* Fix webauthn secure key authentication

Fixes #16769
3 years ago
Claire 94bcf45321
Fix authentication failures after going halfway through a sign-in attempt (#16607)
* Add tests

* Add security-related tests

My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.

* Fix authentication failures after going halfway through a sign-in attempt

* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious
3 years ago
Claire 8c44b723bb
Change confirmations controller to redirect to / for approved users (#16151)
Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases.
4 years ago
Eugen Rochko 9aa37b32c3
Add `details` to error response for `POST /api/v1/accounts` in REST API (#15803) 4 years ago