Remove remaining spec references

3 years ago · 2100dfc1c9
4 changed files with 6 additions and 109 deletions
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@ -62,12 +62,8 @@ protected
    resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated
  end

-  def resource_class_name
-    resource_class.name.underscore
-  end
-
  def after_sending_reset_password_instructions_path_for(_resource)
-    account_password_reset_confirmation_path(email: params.dig(resource_class_name, "email"))
+    account_password_reset_confirmation_path(email: params.dig("user", "email"))
  end

  def after_resetting_password_path_for(resource)
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -3,12 +3,12 @@ class Auth::SessionsController < Devise::SessionsController

  def create
    self.resource = User.new
-    if params.dig(resource_class_name, "email").empty?
+    if params.dig("user", "email").empty?
      resource.errors.add :email, "Enter an email address"
-    elsif !email_valid?(params.dig(resource_class_name, "email"))
+    elsif !email_valid?(params.dig("user", "email"))
      resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
    end
-    if params.dig(resource_class_name, "password").empty?
+    if params.dig("user", "password").empty?
      resource.errors.add :password, "Enter a password"
    end
    if resource.errors.present?
@ -20,19 +20,11 @@ class Auth::SessionsController < Devise::SessionsController

 private

-  def resource_class
-    User
-  end
-
-  def resource_class_name
-    resource_class.name.underscore
-  end
-
  def after_sign_in_path_for(resource)
    if resource.need_two_factor_authentication?(request)
-      send("#{resource_name}_two_factor_authentication_path")
+      user_two_factor_authentication_path
    else
-      params.dig(resource_class_name, "start").present? ? case_logs_path : super
+      params.dig("user", "start").present? ? case_logs_path : super
    end
  end
 end
--- a/spec/features/auth/user_lockout_spec.rb
+++ b/spec/features/auth/user_lockout_spec.rb
@ -2,7 +2,6 @@ require "rails_helper"

 RSpec.describe "User Lockout" do
  let(:user) { FactoryBot.create(:user) }
-  let(:admin) { FactoryBot.create(:admin_user) }
  let(:max_login_attempts) { Devise.maximum_attempts }
  let(:max_2fa_attempts) { Devise.max_login_attempts }
  let(:notify_client) { instance_double(Notifications::Client) }
@ -26,53 +25,4 @@ RSpec.describe "User Lockout" do
      expect(page).to have_content(I18n.t("devise.failure.locked"))
    end
  end
-
-  context "when login-in with the wrong admin password up to a maximum number of attempts" do
-    before do
-      visit("/admin/sign-in")
-      max_login_attempts.times do
-        fill_in("admin_user[email]", with: admin.email)
-        fill_in("admin_user[password]", with: "wrong_password")
-        click_button("Sign in")
-      end
-    end
-
-    it "locks the admin account" do
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-      expect(page).to have_http_status(:unprocessable_entity)
-      expect(page).to have_content(I18n.t("devise.failure.locked"))
-    end
-  end
-
-  context "when login-in with the right admin password and incorrect 2FA token up to a maximum number of attempts" do
-    let(:devise_notify_mailer) { DeviseNotifyMailer.new }
-
-    before do
-      allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
-      allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
-      allow(notify_client).to receive(:send_email).and_return(true)
-
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-
-      max_2fa_attempts.times do
-        fill_in("code", with: "random")
-        click_button("Submit")
-      end
-    end
-
-    it "locks the admin account" do
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-      expect(page).to have_http_status(:unprocessable_entity)
-      expect(page).to have_content(I18n.t("devise.two_factor_authentication.account_locked"))
-    end
-  end
 end
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@ -12,11 +12,8 @@ describe "Rack::Attack" do
  let(:devise_notify_mailer) { DeviseNotifyMailer.new }

  let(:params) { { user: { email: } } }
-  let(:admin_params) { { admin_user: { email: admin_email } } }
  let(:user) { FactoryBot.create(:user) }
-  let(:admin_user) { FactoryBot.create(:admin_user) }
  let(:email) { user.email }
-  let(:admin_email) { admin_user.email }

  before do
    Rack::Attack.enabled = true
@ -40,15 +37,6 @@ describe "Rack::Attack" do
        last_response = response
        expect(last_response.status).to eq(200)
      end
-
-      it "does not throttle for an admin user" do
-        under_limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
    end

    context "when the number of requests is at the throttle limit" do
@ -60,26 +48,6 @@ describe "Rack::Attack" do
        last_response = response
        expect(last_response.status).to eq(200)
      end
-
-      it "does not throttle for an admin user" do
-        limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
-
-      it "does not throttle if both endpoints are hit" do
-        limit.times do
-          post "/account/password", params: params
-          follow_redirect!
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
    end

    context "when the number of requests is over the throttle limit" do
@ -91,15 +59,6 @@ describe "Rack::Attack" do
        last_response = response
        expect(last_response.status).to eq(429)
      end
-
-      it "throttles for an admin user" do
-        over_limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(429)
-      end
    end
  end
 end