From 978042ac096d0e6073c367f58d5f45a2b016fad6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Meny?=
Date: Thu, 10 Mar 2022 11:39:45 +0000
Subject: [PATCH] Add basic test and change unlock strategy

---
 config/initializers/devise.rb | 2 +-
 spec/features/auth/user_lockout_spec.rb | 26 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 spec/features/auth/user_lockout_spec.rb

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 4d43e7f3b..3cf91fd81 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -205,7 +205,7 @@ Devise.setup do |config|
 # :time = Re-enables login after a certain amount of time (see :unlock_in below)
 # :both = Enables both strategies
 # :none = No unlock strategy. You should handle unlocking by yourself.
- config.unlock_strategy = :time
+ config.unlock_strategy = :none
 
 # Number of authentication tries before locking an account if lock_strategy
 # is failed attempts.
diff --git a/spec/features/auth/user_lockout_spec.rb b/spec/features/auth/user_lockout_spec.rb
new file mode 100644
index 000000000..c483973a7
--- /dev/null
+++ b/spec/features/auth/user_lockout_spec.rb
@@ -0,0 +1,26 @@
+require "rails_helper"
+
+RSpec.describe "User Lockout" do
+ let(:user) { FactoryBot.create(:user) }
+ let(:attempt_number) { Devise.maximum_attempts }
+
+ context "when login-in with the wrong password up to a maximum number of attempts" do
+ before do
+ attempt_number.times do
+ visit("/users/sign-in")
+ fill_in("user[email]", with: user.email)
+ fill_in("user[password]", with: "wrong_password")
+ click_button("Sign in")
+ end
+ end
+
+ it "locks the user account" do
+ visit("/users/sign-in")
+ fill_in("user[email]", with: user.email)
+ fill_in("user[password]", with: user.password)
+ click_button("Sign in")
+ expect(page).to have_http_status(:unprocessable_entity)
+ expect(page).to have_content("Your account is locked.")
+ end
+ end
+end
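Review bot: Switching `config.unlock_strategy` to `:none` makes every failed-attempts lock permanent, and nothing in this diff adds the replacement unlock path that the context comment two lines above says you then have to provide ("You should handle unlocking by yourself"). Because any unauthenticated client can trigger the lock by submitting `maximum_attempts` wrong passwords for a known e-mail address, this turns the brute-force protection into a lock-anyone-out denial of service that lasts until an operator intervenes, so the support or admin unlock route (presumably built on `user.unlock_access!`) should land in the same change or be referenced here. If the intent is only to lengthen the lockout window, `:both` with a larger `unlock_in` keeps self-service recovery while still slowing password guessing. At minimum I would add a comment above the setting naming where unlocking now happens, e.g. `# Locks are permanent by design: accounts are unlocked by support via User#unlock_access! (see <path>)`. The `Devise.setup` block this line belongs to begins and ends outside the hunk.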
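Review bot: The new spec only shows that the lock engages after `Devise.maximum_attempts` failures; it never exercises what this commit actually changes, namely that the lock no longer lifts after `Devise.unlock_in`, so the file would pass unchanged with the old `:time` strategy. A second example in the same context that advances the clock past the unlock window and repeats the correct-password sign-in pins the permanent-lock behaviour; `travel_to` assumes `ActiveSupport::Testing::TimeHelpers` is included in `rails_helper`, which I cannot see from here. Note also that the literal "Your account is locked." message is only shown while Devise paranoid mode is off, so if that setting is ever enabled both this assertion and the added one need a weaker check. Minor: the context description's `login-in` reads as a typo for `logging in`.
```ruby
# … unchanged: before block and "locks the user account" example …

it "stays locked after the unlock window has elapsed" do
  # unlock_in still has a value under :none; the point is that it must not matter
  travel_to(Devise.unlock_in.from_now + 1.minute) do
    visit("/users/sign-in")
    fill_in("user[email]", with: user.email)
    fill_in("user[password]", with: user.password)
    click_button("Sign in")
    expect(page).to have_content("Your account is locked.")
  end
end
```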