You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
162 lines
5.6 KiB
162 lines
5.6 KiB
require "rails_helper" |
|
|
|
RSpec.describe "Admin Panel" do |
|
let!(:admin) { FactoryBot.create(:admin_user) } |
|
let(:devise_notify_mailer) { DeviseNotifyMailer.new } |
|
let(:notify_client) { instance_double(Notifications::Client) } |
|
let(:mfa_template_id) { AdminUser::MFA_TEMPLATE_ID } |
|
let(:otp) { "999111" } |
|
|
|
before do |
|
allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer) |
|
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client) |
|
allow(notify_client).to receive(:send_email).and_return(true) |
|
end |
|
|
|
it "shows the admin sign in page" do |
|
visit("/admin") |
|
expect(page).to have_current_path("/admin/sign-in") |
|
expect(page).to have_content("Sign in to your CORE administration account") |
|
end |
|
|
|
context "with a valid 2FA code" do |
|
before do |
|
allow(SecureRandom).to receive(:random_number).and_return(otp) |
|
visit("/admin") |
|
fill_in("admin_user[email]", with: admin.email) |
|
fill_in("admin_user[password]", with: admin.password) |
|
end |
|
|
|
it "authenticates successfully" do |
|
expect(notify_client).to receive(:send_email).with( |
|
{ |
|
email_address: admin.email, |
|
template_id: mfa_template_id, |
|
personalisation: { otp: }, |
|
}, |
|
) |
|
click_button("Sign in") |
|
fill_in("code", with: otp) |
|
click_button("Submit") |
|
expect(page).to have_content("Dashboard") |
|
expect(page).to have_content(I18n.t("devise.two_factor_authentication.success")) |
|
end |
|
|
|
context "but it is more than 15 minutes old" do |
|
it "does not authenticate successfully" do |
|
click_button("Sign in") |
|
admin.update!(direct_otp_sent_at: 16.minutes.ago) |
|
fill_in("code", with: otp) |
|
click_button("Submit") |
|
expect(page).to have_content("Check your email") |
|
expect(page).to have_http_status(:unprocessable_entity) |
|
expect(page).to have_title("Error") |
|
expect(page).to have_selector("#error-summary-title") |
|
end |
|
end |
|
end |
|
|
|
context "with an invalid 2FA code" do |
|
it "does not authenticate successfully" do |
|
visit("/admin") |
|
fill_in("admin_user[email]", with: admin.email) |
|
fill_in("admin_user[password]", with: admin.password) |
|
click_button("Sign in") |
|
fill_in("code", with: otp) |
|
click_button("Submit") |
|
expect(page).to have_content("Check your email") |
|
expect(page).to have_http_status(:unprocessable_entity) |
|
expect(page).to have_title("Error") |
|
expect(page).to have_selector("#error-summary-title") |
|
end |
|
end |
|
|
|
context "when the 2FA code needs to be resent" do |
|
before do |
|
visit("/admin") |
|
fill_in("admin_user[email]", with: admin.email) |
|
fill_in("admin_user[password]", with: admin.password) |
|
click_button("Sign in") |
|
end |
|
|
|
it "displays the resend view" do |
|
click_link("Not received an email?") |
|
expect(page).to have_button("Resend security code") |
|
end |
|
|
|
it "send a new OTP code and redirects back to the 2FA view" do |
|
click_link("Not received an email?") |
|
expect { click_button("Resend security code") }.to(change { admin.reload.direct_otp }) |
|
expect(page).to have_current_path("/admin/two-factor-authentication") |
|
end |
|
end |
|
|
|
context "when logging out and in again" do |
|
before do |
|
allow(SecureRandom).to receive(:random_number).and_return(otp) |
|
end |
|
|
|
it "requires the 2FA code on each login" do |
|
visit("/admin") |
|
fill_in("admin_user[email]", with: admin.email) |
|
fill_in("admin_user[password]", with: admin.password) |
|
click_button("Sign in") |
|
fill_in("code", with: otp) |
|
click_button("Submit") |
|
click_link("Logout") |
|
visit("/admin") |
|
fill_in("admin_user[email]", with: admin.email) |
|
fill_in("admin_user[password]", with: admin.password) |
|
click_button("Sign in") |
|
expect(page).to have_content("Check your email") |
|
end |
|
end |
|
|
|
context "when the admin has forgotten their password" do |
|
let!(:admin_user) { FactoryBot.create(:admin_user, last_sign_in_at: Time.zone.now) } |
|
let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" } |
|
|
|
before do |
|
allow(Devise.token_generator).to receive(:generate).and_return(reset_password_token) |
|
end |
|
|
|
it " is redirected to the reset password page when they click the reset password link" do |
|
visit("/admin") |
|
click_link("reset your password") |
|
expect(page).to have_current_path("/admin/password/new") |
|
end |
|
|
|
it " is shown an error message if they submit without entering an email address" do |
|
visit("/admin/password/new") |
|
click_button("Send email") |
|
expect(page).to have_selector("#error-summary-title") |
|
expect(page).to have_selector("#user-email-field-error") |
|
expect(page).to have_title("Error") |
|
end |
|
|
|
it " is redirected to admin login page after reset email is sent" do |
|
visit("/admin/password/new") |
|
fill_in("admin_user[email]", with: admin_user.email) |
|
click_button("Send email") |
|
expect(page).to have_content("Check your email") |
|
end |
|
|
|
it " is sent a reset password email via Notify" do |
|
expect(notify_client).to receive(:send_email).with( |
|
{ |
|
email_address: admin_user.email, |
|
template_id: admin_user.reset_password_notify_template, |
|
personalisation: { |
|
name: admin_user.email, |
|
email: admin_user.email, |
|
organisation: "", |
|
link: "http://localhost:3000/admin/password/edit?reset_password_token=#{reset_password_token}", |
|
}, |
|
}, |
|
) |
|
visit("/admin/password/new") |
|
fill_in("admin_user[email]", with: admin_user.email) |
|
click_button("Send email") |
|
end |
|
end |
|
end
|
|
|