From 21cb62ef61fdf902668a00af3026be15ea6a056b Mon Sep 17 00:00:00 2001
From: baarkerlounger
Date: Wed, 2 Feb 2022 12:06:25 +0000
Subject: [PATCH] Test OTP code expiry
---
 spec/features/admin_panel_spec.rb | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/spec/features/admin_panel_spec.rb b/spec/features/admin_panel_spec.rb
index 6625cdaa3..8fe96f9c6 100644
--- a/spec/features/admin_panel_spec.rb
+++ b/spec/features/admin_panel_spec.rb
@@ -14,21 +14,31 @@ RSpec.describe "Admin Panel" do
 context "with a valid 2FA code" do
 before do
 allow(SecureRandom).to receive(:random_number).and_return(otp)
+ visit("/admin")
+ fill_in("admin_user[email]", with: admin.email)
+ fill_in("admin_user[password]", with: admin.password)
 end
 it "authenticates successfully" do
 expect(notify_client).to receive(:send_sms).with(
 hash_including(phone_number: admin.phone, template_id: mfa_template_id),
 )
- visit("/admin")
- fill_in("admin_user[email]", with: admin.email)
- fill_in("admin_user[password]", with: admin.password)
 click_button("Login")
 fill_in("code", with: otp)
 click_button("Submit")
 expect(page).to have_content("Dashboard")
 expect(page).to have_content("Two factor authentication successful.")
 end
+
+ context "but it is more than 5 minutes old" do
+ it "does not authenticate successfully" do
+ click_button("Login")
+ admin.update!(direct_otp_sent_at: 10.minutes.ago)
+ fill_in("code", with: otp)
+ click_button("Submit")
+ expect(page).to have_content("Check your phone")
+ end
+ end
 end
 context "with an invalid 2FA code" do
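Review bot: The expiry example in the new `context "but it is more than 5 minutes old"` only asserts `have_content("Check your phone")`, which shows that the code prompt is rendered but does not by itself show that access was refused. Adding `expect(page).not_to have_content("Dashboard")` would pin the security property the test is named for. The age is also set to `10.minutes.ago`, well past the 5 minutes in the description, so a validity window that drifted to, say, 9 minutes would still pass; a value just over the limit such as `(5.minutes + 1.second).ago` would hold the boundary, ideally alongside a just-under case that still authenticates. The enclosing `RSpec.describe` block starts and ends outside the hunk, so where the 5-minute limit is configured is not visible here.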