baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Submit social housing lettings and sales data (CORE)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
945 Commits
233 Branches
250 Tags
74 MiB
 
 
 
 
Tree: 0142d476ca
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0142d476ca'
${ noResults }
submit-social-housing-letti.../spec/features/auth/user_lockout_spec.rb

75 lines
2.6 KiB
Raw Blame History

require "rails_helper"
RSpec.describe "User Lockout" do
let(:user) { FactoryBot.create(:user) }
let(:admin) { FactoryBot.create(:admin_user) }
let(:max_login_attempts) { Devise.maximum_attempts }
let(:max_2fa_attempts) { Devise.max_login_attempts }
let(:notify_client) { instance_double(Notifications::Client) }
context "when login-in with the wrong user password up to a maximum number of attempts" do
before do
visit("/account/sign-in")
max_login_attempts.times do
fill_in("user[email]", with: user.email)
fill_in("user[password]", with: "wrong_password")
click_button("Sign in")
end
end
it "locks the user account" do
visit("/account/sign-in")
fill_in("user[email]", with: user.email)
fill_in("user[password]", with: user.password)
click_button("Sign in")
expect(page).to have_http_status(:unprocessable_entity)
expect(page).to have_content("Your account is locked.")
end
end
context "when login-in with the wrong admin password up to a maximum number of attempts" do
before do
visit("/admin/sign-in")
max_login_attempts.times do
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: "wrong_password")
click_button("Sign in")
end
end
it "locks the admin account" do
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
expect(page).to have_http_status(:unprocessable_entity)
expect(page).to have_content("Your account is locked.")
end
end
context "when login-in with the right admin password and incorrect 2FA token up to a maximum number of attempts" do
before do
allow(Sms).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_sms).and_return(true)
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
max_2fa_attempts.times do
fill_in("code", with: "random")
click_button("Submit")
end
end
it "locks the admin account" do
visit("/admin/sign-in")
fill_in("admin_user[email]", with: admin.email)
fill_in("admin_user[password]", with: admin.password)
click_button("Sign in")
expect(page).to have_http_status(:unprocessable_entity)
expect(page).to have_content(I18n.t("devise.two_factor_authentication.account_locked"))
end
end
end