
feature spec for checking max attempts before show

master
Ross Kaffenberger 11 years ago
parent
commit
0a57c06d15
  1. 5
      app/controllers/devise/two_factor_authentication_controller.rb
  2. 15
      spec/features/two_factor_authenticatable_spec.rb

5
app/controllers/devise/two_factor_authentication_controller.rb

@ -35,11 +35,10 @@ class Devise::TwoFactorAuthenticationController < DeviseController
def prepare_and_validate def prepare_and_validate
redirect_to :root and return if resource.nil? redirect_to :root and return if resource.nil?
@limit = resource.class.max_login_attempts @limit = resource.max_login_attempts
if resource.max_login_attempts? if resource.max_login_attempts?
binding.pry
sign_out(resource) sign_out(resource)
render :template => 'devise/two_factor_authentication/max_login_attempts_reached' and return render :max_login_attempts_reached and return
end end
end end
end end
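Review bot: The lockout branch of `prepare_and_validate` answers with the default 200 status and writes nothing to the log, so an account that has hit its second-factor attempt limit looks like an ordinary page view to monitoring. Reading the right-hand column as the new side, the render could become `render :max_login_attempts_reached, status: :forbidden and return`, with a line such as `Rails.logger.warn("two-factor attempt limit reached for #{resource.class.name}")` placed before `sign_out(resource)`. The filter declaration that decides which actions run this method is outside the hunk, so it is worth confirming that it covers the code-submitting action as well as `show`.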

15
spec/features/two_factor_authenticatable_spec.rb

@ -42,10 +42,12 @@ feature "User of two factor authentication" do
expect(page).to have_content("You are signed in as Marissa") expect(page).to have_content("You are signed in as Marissa")
end end
scenario "is locked out after 3 failed attempts" do scenario "is locked out after max failed attempts" do
visit user_two_factor_authentication_path visit user_two_factor_authentication_path
3.times do max_attempts = User.max_login_attempts
max_attempts.times do
fill_in "code", with: "incorrect#{rand(100)}" fill_in "code", with: "incorrect#{rand(100)}"
click_button "Submit" click_button "Submit"
@ -57,5 +59,14 @@ feature "User of two factor authentication" do
expect(page).to have_content("Access completely denied") expect(page).to have_content("Access completely denied")
expect(page).to have_content("You are signed out") expect(page).to have_content("You are signed out")
end end
scenario "cannot retry authentication after max attempts" do
user.update_attribute(:second_factor_attempts_count, User.max_login_attempts)
visit user_two_factor_authentication_path
expect(page).to have_content("Access completely denied")
expect(page).to have_content("You are signed out")
end
end end
end end
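Review bot: The new scenario `cannot retry authentication after max attempts` asserts only the text shown after a GET, so it would still pass if a locked-out user could submit a code. Adding `expect(page).not_to have_button("Submit")` would pin that the code form is gone, assuming the lockout template does not render it. A further scenario that submits a correct code after the counter reaches `User.max_login_attempts` and expects a refusal would cover the submit path directly. The enclosing `feature` block and the `user` setup are outside the hunk.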
