Convert controller spec for security_key_options endpoint to request spec (#31938)

2024-09-18 05:42:36 -04:00 · 2024-09-18 05:42:36 -04:00 · bf8eaaa9a5
commit bf8eaaa9a5
parent 6f836c45aa
2 changed files with 50 additions and 40 deletions
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@ -412,44 +412,4 @@ RSpec.describe Auth::SessionsController do
      end
    end
  end
  describe 'GET #webauthn_options' do
    subject { get :webauthn_options, session: { attempt_user_id: user.id } }
    let!(:user) do
      Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
    end
    context 'with WebAuthn and OTP enabled as second factor' do
      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
      let(:fake_client) { WebAuthn::FakeClient.new(domain) }
      before do
        user.update(webauthn_id: WebAuthn.generate_user_id)
        public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
        user.webauthn_credentials.create(
          nickname: 'SecurityKeyNickname',
          external_id: public_key_credential.id,
          public_key: public_key_credential.public_key,
          sign_count: '1000'
        )
        post :create, params: { user: { email: user.email, password: user.password } }
      end
      it 'returns http success' do
        subject
        expect(response).to have_http_status 200
      end
    end
    context 'when WebAuthn not enabled' do
      it 'returns http unauthorized' do
        subject
        expect(response).to have_http_status 401
      end
    end
  end
 end
--- a/spec/requests/auth/sessions/security_key_options_spec.rb
+++ b/spec/requests/auth/sessions/security_key_options_spec.rb
@ -0,0 +1,50 @@
 # frozen_string_literal: true
 require 'rails_helper'
 require 'webauthn/fake_client'
 RSpec.describe 'Security Key Options' do
  describe 'GET /auth/sessions/security_key_options' do
    let!(:user) do
      Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
    end
    context 'with WebAuthn and OTP enabled as second factor' do
      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }
      let(:fake_client) { WebAuthn::FakeClient.new(domain) }
      let(:public_key_credential) { WebAuthn::Credential.from_create(fake_client.create) }
      before do
        user.update(webauthn_id: WebAuthn.generate_user_id)
        Fabricate(
          :webauthn_credential,
          user_id: user.id,
          external_id: public_key_credential.id,
          public_key: public_key_credential.public_key
        )
        post '/auth/sign_in', params: { user: { email: user.email, password: user.password } }
      end
      it 'returns http success' do
        get '/auth/sessions/security_key_options'
        expect(response)
          .to have_http_status 200
        expect(response.content_type)
          .to start_with('application/json')
      end
    end
    context 'when WebAuthn not enabled' do
      it 'returns http unauthorized' do
        get '/auth/sessions/security_key_options'
        expect(response)
          .to have_http_status 401
        expect(response.content_type)
          .to start_with('application/json')
      end
    end
  end
 end