Reduce round trips in auth/sessions spec (#29233)

This commit is contained in:
Matt Jankowski 2024-02-16 08:38:49 -05:00 committed by GitHub
parent a316c0e38d
commit 3454fcbd71
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -57,11 +57,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: 'pam_user1', password: '123456' } } post :create, params: { user: { email: 'pam_user1', password: '123456' } }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to be_instance_of(User) expect(controller.current_user).to be_instance_of(User)
end end
end end
@ -71,11 +69,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: 'pam_user1', password: 'WRONGPW' } } post :create, params: { user: { email: 'pam_user1', password: 'WRONGPW' } }
end end
it 'shows a login error' do it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email')) expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email'))
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil expect(controller.current_user).to be_nil
end end
end end
@ -92,11 +88,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: '123456' } } post :create, params: { user: { email: user.email, password: '123456' } }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end end
end end
@ -110,16 +104,16 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: user.password } } post :create, params: { user: { email: user.email, password: user.password } }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end end
end end
context 'when using a valid password on a previously-used account with a new IP address' do context 'when using a valid password on a previously-used account with a new IP address' do
subject { post :create, params: { user: { email: user.email, password: user.password } } }
let(:previous_ip) { '1.2.3.4' } let(:previous_ip) { '1.2.3.4' }
let(:current_ip) { '4.3.2.1' } let(:current_ip) { '4.3.2.1' }
@ -127,18 +121,17 @@ RSpec.describe Auth::SessionsController do
Fabricate(:login_activity, user: user, ip: previous_ip) Fabricate(:login_activity, user: user, ip: previous_ip)
allow(controller.request).to receive(:remote_ip).and_return(current_ip) allow(controller.request).to receive(:remote_ip).and_return(current_ip)
user.update(current_sign_in_at: 1.month.ago) user.update(current_sign_in_at: 1.month.ago)
post :create, params: { user: { email: user.email, password: user.password } }
end end
it 'redirects to home' do it 'logs the user in and sends suspicious email and redirects home', :sidekiq_inline do
expect(response).to redirect_to(root_path) subject
end
it 'logs the user in' do expect(response)
expect(controller.current_user).to eq user .to redirect_to(root_path)
end
expect(controller.current_user)
.to eq user
it 'sends a suspicious sign-in mail', :sidekiq_inline do
expect(UserMailer.deliveries.size).to eq(1) expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(user.email) expect(UserMailer.deliveries.first.to.first).to eq(user.email)
expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.suspicious_sign_in.subject')) expect(UserMailer.deliveries.first.subject).to eq(I18n.t('user_mailer.suspicious_sign_in.subject'))
@ -150,11 +143,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email.upcase, password: user.password } } post :create, params: { user: { email: user.email.upcase, password: user.password } }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end end
end end
@ -164,11 +155,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { email: user.email, password: 'wrongpw' } } post :create, params: { user: { email: user.email, password: 'wrongpw' } }
end end
it 'shows a login error' do it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email')) expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: I18n.t('activerecord.attributes.user.email'))
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil expect(controller.current_user).to be_nil
end end
end end
@ -270,7 +259,7 @@ RSpec.describe Auth::SessionsController do
travel_to '2023-12-20T10:00:00Z' travel_to '2023-12-20T10:00:00Z'
end end
it 'does not log the user in' do it 'does not log the user in, sets a flash message, and sends a suspicious sign in email', :sidekiq_inline do
Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil expect(controller.current_user).to be_nil
@ -278,17 +267,10 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil expect(controller.current_user)
expect(flash[:alert]).to match I18n.t('users.rate_limited') .to be_nil
end expect(flash[:alert])
.to match I18n.t('users.rate_limited')
it 'sends a suspicious sign-in mail', :sidekiq_inline do
Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(controller.current_user).to be_nil
end
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
expect(UserMailer.deliveries.size).to eq(1) expect(UserMailer.deliveries.size).to eq(1)
expect(UserMailer.deliveries.first.to.first).to eq(user.email) expect(UserMailer.deliveries.first.to.first).to eq(user.email)
@ -301,11 +283,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end end
end end
@ -318,11 +298,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end end
it 'shows a login error' do it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('users.invalid_otp_token') expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil expect(controller.current_user).to be_nil
end end
end end
@ -332,11 +310,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end end
it 'redirects to home' do it 'redirects to home and logs the user in' do
expect(response).to redirect_to(root_path) expect(response).to redirect_to(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end end
end end
@ -346,11 +322,9 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { otp_attempt: 'wrongotp' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { otp_attempt: 'wrongotp' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end end
it 'shows a login error' do it 'shows a login error and does not log the user in' do
expect(flash[:alert]).to match I18n.t('users.invalid_otp_token') expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')
end
it "doesn't log the user in" do
expect(controller.current_user).to be_nil expect(controller.current_user).to be_nil
end end
end end
@ -417,15 +391,11 @@ RSpec.describe Auth::SessionsController do
post :create, params: { user: { credential: fake_credential } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s } post :create, params: { user: { credential: fake_credential } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
end end
it 'instructs the browser to redirect to home' do it 'instructs the browser to redirect to home, logs the user in, and updates the sign count' do
expect(body_as_json[:redirect_path]).to eq(root_path) expect(body_as_json[:redirect_path]).to eq(root_path)
end
it 'logs the user in' do
expect(controller.current_user).to eq user expect(controller.current_user).to eq user
end
it 'updates the sign count' do
expect(webauthn_credential.reload.sign_count).to eq(sign_count) expect(webauthn_credential.reload.sign_count).to eq(sign_count)
end end
end end