From 2100dfc1c92a996fb74cfa21c2979c1368b3057d Mon Sep 17 00:00:00 2001
From: baarkerlounger
Date: Wed, 25 May 2022 15:33:23 +0100
Subject: [PATCH] Remove remaining spec references

---
 app/controllers/auth/passwords_controller.rb | 6 +--
 app/controllers/auth/sessions_controller.rb | 18 ++-----
 spec/features/auth/user_lockout_spec.rb | 50 --------------------
 spec/requests/rack_attack_spec.rb | 41 ----------------
 4 files changed, 6 insertions(+), 109 deletions(-)

diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index c26529157..e6b1f3a49 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -62,12 +62,8 @@ protected
     resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated
   end
 
-  def resource_class_name
-    resource_class.name.underscore
-  end
-
   def after_sending_reset_password_instructions_path_for(_resource)
-    account_password_reset_confirmation_path(email: params.dig(resource_class_name, "email"))
+    account_password_reset_confirmation_path(email: params.dig("user", "email"))
   end
 
   def after_resetting_password_path_for(resource)
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 7bf44f50e..1180a51de 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
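Review bot: The added line pins the parameter scope to the literal `"user"`, and the same literal now recurs three times in the sessions controller hunks, so the lookup no longer follows the Devise mapping the way `resource_class_name` did. Devise's `resource_name` — the helper the removed `send` line in the sessions hunk relied on — yields the mapped scope from the route, so `params.dig(resource_name, "email")` would keep this tied to the mapping without the removed helper (`ActionController::Parameters#dig` accepts the symbol key). If pinning to the `User` scope is deliberate, a comment above the method such as `# Only the User scope is served here, so the param key is fixed to "user"` would record that for readers. `after_sending_reset_password_instructions_path_for` is fully inside the hunk; the enclosing class and its `protected` section are not.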
@@ -3,12 +3,12 @@ class Auth::SessionsController < Devise::SessionsController
 
   def create
     self.resource = User.new
-    if params.dig(resource_class_name, "email").empty?
+    if params.dig("user", "email").empty?
       resource.errors.add :email, "Enter an email address"
-    elsif !email_valid?(params.dig(resource_class_name, "email"))
+    elsif !email_valid?(params.dig("user", "email"))
       resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
     end
-    if params.dig(resource_class_name, "password").empty?
+    if params.dig("user", "password").empty?
       resource.errors.add :password, "Enter a password"
     end
     if resource.errors.present?
@@ -20,19 +20,11 @@ class Auth::SessionsController < Devise::SessionsController
 
 private
 
-  def resource_class
-    User
-  end
-
-  def resource_class_name
-    resource_class.name.underscore
-  end
-
   def after_sign_in_path_for(resource)
     if resource.need_two_factor_authentication?(request)
-      send("#{resource_name}_two_factor_authentication_path")
+      user_two_factor_authentication_path
     else
-      params.dig(resource_class_name, "start").present? ? case_logs_path : super
+      params.dig("user", "start").present? ? case_logs_path : super
     end
   end
 end
diff --git a/spec/features/auth/user_lockout_spec.rb b/spec/features/auth/user_lockout_spec.rb
index c1ba131df..68cf78b2a 100644
--- a/spec/features/auth/user_lockout_spec.rb
+++ b/spec/features/auth/user_lockout_spec.rb
@@ -2,7 +2,6 @@ require "rails_helper"
 
 RSpec.describe "User Lockout" do
   let(:user) { FactoryBot.create(:user) }
-  let(:admin) { FactoryBot.create(:admin_user) }
   let(:max_login_attempts) { Devise.maximum_attempts }
   let(:max_2fa_attempts) { Devise.max_login_attempts }
   let(:notify_client) { instance_double(Notifications::Client) }
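Review bot: `params.dig("user", "email").empty?` on the first changed line still calls `empty?` on nil whenever the request carries no `user` hash or no `email` key, so a hand-built or tampered sign-in POST produces a NoMethodError (a 500) instead of the validation message; the `password` check further down the hunk has the same gap. `blank?` covers nil, empty and whitespace-only values in one step: `if params.dig("user", "email").blank?` and `if params.dig("user", "password").blank?`. With that change the `email_valid?` branch only ever sees a present value, which is presumably what it expects. `create` continues past the end of the hunk.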
@@ -26,53 +25,4 @@ RSpec.describe "User Lockout" do
       expect(page).to have_content(I18n.t("devise.failure.locked"))
     end
   end
-
-  context "when login-in with the wrong admin password up to a maximum number of attempts" do
-    before do
-      visit("/admin/sign-in")
-      max_login_attempts.times do
-        fill_in("admin_user[email]", with: admin.email)
-        fill_in("admin_user[password]", with: "wrong_password")
-        click_button("Sign in")
-      end
-    end
-
-    it "locks the admin account" do
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-      expect(page).to have_http_status(:unprocessable_entity)
-      expect(page).to have_content(I18n.t("devise.failure.locked"))
-    end
-  end
-
-  context "when login-in with the right admin password and incorrect 2FA token up to a maximum number of attempts" do
-    let(:devise_notify_mailer) { DeviseNotifyMailer.new }
-
-    before do
-      allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
-      allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
-      allow(notify_client).to receive(:send_email).and_return(true)
-
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-
-      max_2fa_attempts.times do
-        fill_in("code", with: "random")
-        click_button("Submit")
-      end
-    end
-
-    it "locks the admin account" do
-      visit("/admin/sign-in")
-      fill_in("admin_user[email]", with: admin.email)
-      fill_in("admin_user[password]", with: admin.password)
-      click_button("Sign in")
-      expect(page).to have_http_status(:unprocessable_entity)
-      expect(page).to have_content(I18n.t("devise.two_factor_authentication.account_locked"))
-    end
-  end
 end
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb
index a7d4bd34c..25ad55cac 100644
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@@ -12,11 +12,8 @@ describe "Rack::Attack" do
 
   let(:devise_notify_mailer) { DeviseNotifyMailer.new }
   let(:params) { { user: { email: } } }
-  let(:admin_params) { { admin_user: { email: admin_email } } }
   let(:user) { FactoryBot.create(:user) }
-  let(:admin_user) { FactoryBot.create(:admin_user) }
   let(:email) { user.email }
-  let(:admin_email) { admin_user.email }
 
   before do
     Rack::Attack.enabled = true
@@ -40,15 +37,6 @@ describe "Rack::Attack" do
         last_response = response
         expect(last_response.status).to eq(200)
       end
-
-      it "does not throttle for an admin user" do
-        under_limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
     end
 
     context "when the number of requests is at the throttle limit" do
@@ -60,26 +48,6 @@ describe "Rack::Attack" do
         last_response = response
         expect(last_response.status).to eq(200)
       end
-
-      it "does not throttle for an admin user" do
-        limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
-
-      it "does not throttle if both endpoints are hit" do
-        limit.times do
-          post "/account/password", params: params
-          follow_redirect!
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(200)
-      end
     end
 
     context "when the number of requests is over the throttle limit" do
@@ -91,15 +59,6 @@ describe "Rack::Attack" do
         last_response = response
         expect(last_response.status).to eq(429)
       end
-
-      it "throttles for an admin user" do
-        over_limit.times do
-          post "/admin/password", params: admin_params
-          follow_redirect!
-        end
-        last_response = response
-        expect(last_response.status).to eq(429)
-      end
     end
   end
 end