baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove remaining spec references

pull/611/head
baarkerlounger 3 years ago
parent
f5f1de4539
commit
2100dfc1c9
4 changed files with 6 additions and 109 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      app/controllers/auth/passwords_controller.rb
  2. 18
      app/controllers/auth/sessions_controller.rb
  3. 50
      spec/features/auth/user_lockout_spec.rb
  4. 41
      spec/requests/rack_attack_spec.rb

6
app/controllers/auth/passwords_controller.rb
Unescape View File

@ -62,12 +62,8 @@ protected
resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated resource.need_two_factor_authentication?(request) ? :updated_2FA : :updated
end end
def resource_class_name
resource_class.name.underscore
end
def after_sending_reset_password_instructions_path_for(_resource) def after_sending_reset_password_instructions_path_for(_resource)
account_password_reset_confirmation_path(email: params.dig(resource_class_name, "email")) account_password_reset_confirmation_path(email: params.dig("user", "email"))
end end
def after_resetting_password_path_for(resource) def after_resetting_password_path_for(resource)

18
app/controllers/auth/sessions_controller.rb
Unescape View File

@ -3,12 +3,12 @@ class Auth::SessionsController < Devise::SessionsController
def create def create
self.resource = User.new self.resource = User.new
if params.dig(resource_class_name, "email").empty? if params.dig("user", "email").empty?
resource.errors.add :email, "Enter an email address" resource.errors.add :email, "Enter an email address"
elsif !email_valid?(params.dig(resource_class_name, "email")) elsif !email_valid?(params.dig("user", "email"))
resource.errors.add :email, "Enter an email address in the correct format, like name@example.com" resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
end end
if params.dig(resource_class_name, "password").empty? if params.dig("user", "password").empty?
resource.errors.add :password, "Enter a password" resource.errors.add :password, "Enter a password"
end end
if resource.errors.present? if resource.errors.present?
@ -20,19 +20,11 @@ class Auth::SessionsController < Devise::SessionsController
private private
def resource_class
User
end
def resource_class_name
resource_class.name.underscore
end
def after_sign_in_path_for(resource) def after_sign_in_path_for(resource)
if resource.need_two_factor_authentication?(request) if resource.need_two_factor_authentication?(request)
send("#{resource_name}_two_factor_authentication_path") user_two_factor_authentication_path
else else
params.dig(resource_class_name, "start").present? ? case_logs_path : super params.dig("user", "start").present? ? case_logs_path : super
end end
end end
end end

50
spec/features/auth/user_lockout_spec.rb
Unescape View File

@ -2,7 +2,6 @@ require "rails_helper"
RSpec.describe "User Lockout" do RSpec.describe "User Lockout" do
let(:user) { FactoryBot.create(:user) } let(:user) { FactoryBot.create(:user) }
let(:admin) { FactoryBot.create(:admin_user) }
let(:max_login_attempts) { Devise.maximum_attempts } let(:max_login_attempts) { Devise.maximum_attempts }
let(:max_2fa_attempts) { Devise.max_login_attempts } let(:max_2fa_attempts) { Devise.max_login_attempts }
let(:notify_client) { instance_double(Notifications::Client) } let(:notify_client) { instance_double(Notifications::Client) }
@ -26,53 +25,4 @@ RSpec.describe "User Lockout" do
expect(page).to have_content(I18n.t("devise.failure.locked")) expect(page).to have_content(I18n.t("devise.failure.locked"))
end end
end end
context "when login-in with the wrong admin password up to a maximum number of attempts" do
before do
visit("/admin/sign-in")
max_login_attempts.times do
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: "wrong_password")
click_button("Sign in")
end
end
it "locks the admin account" do
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
expect(page).to have_http_status(:unprocessable_entity)
expect(page).to have_content(I18n.t("devise.failure.locked"))
end
end
context "when login-in with the right admin password and incorrect 2FA token up to a maximum number of attempts" do
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
before do
allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
max_2fa_attempts.times do
fill_in("code", with: "random")
click_button("Submit")
end
end
it "locks the admin account" do
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
expect(page).to have_http_status(:unprocessable_entity)
expect(page).to have_content(I18n.t("devise.two_factor_authentication.account_locked"))
end
end
end end

41
spec/requests/rack_attack_spec.rb
Unescape View File

@ -12,11 +12,8 @@ describe "Rack::Attack" do
let(:devise_notify_mailer) { DeviseNotifyMailer.new } let(:devise_notify_mailer) { DeviseNotifyMailer.new }
let(:params) { { user: { email: } } } let(:params) { { user: { email: } } }
let(:admin_params) { { admin_user: { email: admin_email } } }
let(:user) { FactoryBot.create(:user) } let(:user) { FactoryBot.create(:user) }
let(:admin_user) { FactoryBot.create(:admin_user) }
let(:email) { user.email } let(:email) { user.email }
let(:admin_email) { admin_user.email }
before do before do
Rack::Attack.enabled = true Rack::Attack.enabled = true
@ -40,15 +37,6 @@ describe "Rack::Attack" do
last_response = response last_response = response
expect(last_response.status).to eq(200) expect(last_response.status).to eq(200)
end end
it "does not throttle for an admin user" do
under_limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
end end
context "when the number of requests is at the throttle limit" do context "when the number of requests is at the throttle limit" do
@ -60,26 +48,6 @@ describe "Rack::Attack" do
last_response = response last_response = response
expect(last_response.status).to eq(200) expect(last_response.status).to eq(200)
end end
it "does not throttle for an admin user" do
limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
it "does not throttle if both endpoints are hit" do
limit.times do
post "/account/password", params: params
follow_redirect!
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
end end
context "when the number of requests is over the throttle limit" do context "when the number of requests is over the throttle limit" do
@ -91,15 +59,6 @@ describe "Rack::Attack" do
last_response = response last_response = response
expect(last_response.status).to eq(429) expect(last_response.status).to eq(429)
end end
it "throttles for an admin user" do
over_limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(429)
end
end end
end end
end end

Write Preview
Loading…
Cancel
Save