Add basic test and change unlock strategy

3 years ago · 978042ac09
2 changed files with 27 additions and 1 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -205,7 +205,7 @@ Devise.setup do |config|
  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
  # :both  = Enables both strategies
  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  config.unlock_strategy = :time
+  config.unlock_strategy = :none

  # Number of authentication tries before locking an account if lock_strategy
  # is failed attempts.
--- a/spec/features/auth/user_lockout_spec.rb
+++ b/spec/features/auth/user_lockout_spec.rb
@ -0,0 +1,26 @@
+require "rails_helper"
+
+RSpec.describe "User Lockout" do
+  let(:user) { FactoryBot.create(:user) }
+  let(:attempt_number) { Devise.maximum_attempts }
+
+  context "when login-in with the wrong password up to a maximum number of attempts" do
+    before do
+      attempt_number.times do
+        visit("/users/sign-in")
+        fill_in("user[email]", with: user.email)
+        fill_in("user[password]", with: "wrong_password")
+        click_button("Sign in")
+      end
+    end
+
+    it "locks the user account" do
+      visit("/users/sign-in")
+      fill_in("user[email]", with: user.email)
+      fill_in("user[password]", with: user.password)
+      click_button("Sign in")
+      expect(page).to have_http_status(:unprocessable_entity)
+      expect(page).to have_content("Your account is locked.")
+    end
+  end
+end