|
|
|
|
require "rails_helper"
|
|
|
|
|
|
|
|
|
|
RSpec.describe "Admin Panel" do
|
|
|
|
|
let!(:admin) { FactoryBot.create(:admin_user) }
|
|
|
|
|
let(:notify_client) { instance_double(Notifications::Client) }
|
|
|
|
|
let(:mfa_template_id) { AdminUser::MFA_SMS_TEMPLATE_ID }
|
|
|
|
|
let(:otp) { "999111" }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
allow(Sms).to receive(:notify_client).and_return(notify_client)
|
|
|
|
|
allow(notify_client).to receive(:send_sms).and_return(true)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "with a valid 2FA code" do
|
|
|
|
|
before do
|
|
|
|
|
allow(SecureRandom).to receive(:random_number).and_return(otp)
|
|
|
|
|
visit("/admin")
|
|
|
|
|
fill_in("admin_user[email]", with: admin.email)
|
|
|
|
|
fill_in("admin_user[password]", with: admin.password)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "authenticates successfully" do
|
|
|
|
|
expect(notify_client).to receive(:send_sms).with(
|
|
|
|
|
hash_including(phone_number: admin.phone, template_id: mfa_template_id),
|
|
|
|
|
)
|
|
|
|
|
click_button("Login")
|
|
|
|
|
fill_in("code", with: otp)
|
|
|
|
|
click_button("Submit")
|
|
|
|
|
expect(page).to have_content("Dashboard")
|
|
|
|
|
expect(page).to have_content("Two factor authentication successful.")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "but it is more than 15 minutes old" do
|
|
|
|
|
it "does not authenticate successfully" do
|
|
|
|
|
click_button("Login")
|
|
|
|
|
admin.update!(direct_otp_sent_at: 16.minutes.ago)
|
|
|
|
|
fill_in("code", with: otp)
|
|
|
|
|
click_button("Submit")
|
|
|
|
|
expect(page).to have_content("Check your phone")
|
|
|
|
|
expect(page).to have_http_status(:unprocessable_entity)
|
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "with an invalid 2FA code" do
|
|
|
|
|
it "does not authenticate successfully" do
|
|
|
|
|
visit("/admin")
|
|
|
|
|
fill_in("admin_user[email]", with: admin.email)
|
|
|
|
|
fill_in("admin_user[password]", with: admin.password)
|
|
|
|
|
click_button("Login")
|
|
|
|
|
fill_in("code", with: otp)
|
|
|
|
|
click_button("Submit")
|
|
|
|
|
expect(page).to have_content("Check your phone")
|
|
|
|
|
expect(page).to have_http_status(:unprocessable_entity)
|
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "when the 2FA code needs to be resent" do
|
|
|
|
|
before do
|
|
|
|
|
visit("/admin")
|
|
|
|
|
fill_in("admin_user[email]", with: admin.email)
|
|
|
|
|
fill_in("admin_user[password]", with: admin.password)
|
|
|
|
|
click_button("Login")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "displays the resend view" do
|
|
|
|
|
click_link("Not received a text message?")
|
|
|
|
|
expect(page).to have_button("Resend security code")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "send a new OTP code and redirects back to the 2FA view" do
|
|
|
|
|
click_link("Not received a text message?")
|
|
|
|
|
expect { click_button("Resend security code") }.to(change { admin.reload.direct_otp })
|
|
|
|
|
expect(page).to have_current_path("/admin/two-factor-authentication")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "when logging out and in again" do
|
|
|
|
|
before do
|
|
|
|
|
allow(SecureRandom).to receive(:random_number).and_return(otp)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "requires the 2FA code on each login" do
|
|
|
|
|
visit("/admin")
|
|
|
|
|
fill_in("admin_user[email]", with: admin.email)
|
|
|
|
|
fill_in("admin_user[password]", with: admin.password)
|
|
|
|
|
click_button("Login")
|
|
|
|
|
fill_in("code", with: otp)
|
|
|
|
|
click_button("Submit")
|
|
|
|
|
click_link("Logout")
|
|
|
|
|
fill_in("admin_user[email]", with: admin.email)
|
|
|
|
|
fill_in("admin_user[password]", with: admin.password)
|
|
|
|
|
click_button("Login")
|
|
|
|
|
expect(page).to have_content("Check your phone")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
