Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7bd7705f59 
							
						 
					 
					
						
						
							
							Combine shared-setup examples across spec/controllers/auth/* specs ( #32906 )  
						
						
						
						
					 
					
						2024-11-15 16:07:26 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							df3b954720 
							
						 
					 
					
						
						
							
							Add DomainHelpers spec support module for DNS/MX stub ( #32690 )  
						
						
						
						
					 
					
						2024-10-29 15:35:25 +00:00 
						 
				 
			
				
					
						
							
							
								David Roetzel 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e6cda8388c 
							
						 
					 
					
						
						
							
							Move OTP secret length to configuration ( #32125 )  
						
						
						
						
					 
					
						2024-10-01 09:38:42 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							bf8eaaa9a5 
							
						 
					 
					
						
						
							
							Convert controller spec for security_key_options endpoint to request spec ( #31938 )  
						
						
						
						
					 
					
						2024-09-18 09:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6b6a80b407 
							
						 
					 
					
						
						
							
							Remove body_as_json in favor of built-in response.parsed_body for JSON response specs ( #31749 )  
						
						
						
						
					 
					
						2024-09-06 09:58:46 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e1b5f3fc6f 
							
						 
					 
					
						
						
							
							Use response.parsed_body for html response checks ( #31750 )  
						
						
						
						
					 
					
						2024-09-04 17:29:05 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f1003b2560 
							
						 
					 
					
						
						
							
							Enable "zero monkey patching" mode in RSpec ( #31614 )  
						
						
						
						
					 
					
						2024-09-04 05:12:25 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f1300ad284 
							
						 
					 
					
						
						
							
							Rename jobs/attachments rspec tag names ( #29762 )  
						
						
						
						
					 
					
						2024-07-08 16:01:08 +00:00 
						 
				 
			
				
					
						
							
							
								Damien Mathieu 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1540f42522 
							
						 
					 
					
						
						
							
							Better tests for auth/registrations#update ( #29303 )  
						
						
						
						
					 
					
						2024-02-26 16:09:56 +00:00 
						 
				 
			
				
					
						
							
							
								Wolfgang Fournès 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d51c3ac087 
							
						 
					 
					
						
						
							
							Add a missing spec to SessionsController#webauthn_options  ( #29277 )  
						
						
						
						
					 
					
						2024-02-26 16:09:40 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							64f9939e39 
							
						 
					 
					
						
						
							
							Use capture_emails helper to improve email assertions in specs ( #29245 )  
						
						
						
						
					 
					
						2024-02-19 15:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							3454fcbd71 
							
						 
					 
					
						
						
							
							Reduce round trips in auth/sessions spec ( #29233 )  
						
						
						
						
					 
					
						2024-02-16 13:38:49 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e2d9635074 
							
						 
					 
					
						
						
							
							Add notification email on invalid second authenticator ( #28822 )  
						
						
						
						
					 
					
						2024-01-22 13:55:43 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							3593ee2e36 
							
						 
					 
					
						
						
							
							Add rate-limit of TOTP authentication attempts at controller level ( #28801 )  
						
						
						
						
					 
					
						2024-01-19 12:19:49 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e621c1c44c 
							
						 
					 
					
						
						
							
							Fix registrations not checking MX records for email domain blocks requiring approval ( #28608 )  
						
						
						
						
					 
					
						2024-01-15 17:10:57 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							00341c70ff 
							
						 
					 
					
						
						
							
							Use Sidekiq fake! instead of inline! in specs ( #25369 )  
						
						
						
						
					 
					
						2024-01-10 11:06:58 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							dfdadb92e8 
							
						 
					 
					
						
						
							
							Add ability to require approval when users sign up using specific email domains ( #28468 )  
						
						
						
						
					 
					
						2024-01-04 09:07:05 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							513d35969e 
							
						 
					 
					
						
						
							
							Fix RSpec/LetSetup cop in auth controller specs ( #28464 )  
						
						
						
						
					 
					
						2023-12-22 08:03:59 +00:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6fed0fcbaa 
							
						 
					 
					
						
						
							
							Remove unneeded settings cleanup from specs ( #28425 )  
						
						
						
						
					 
					
						2023-12-19 15:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b2c5b20ef2 
							
						 
					 
					
						
						
							
							Fix RSpec/AnyInstance cop ( #27810 )  
						
						
						
						
					 
					
						2023-11-14 14:52:59 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							69d00e2721 
							
						 
					 
					
						
						
							
							Fix RSpec/InstanceVariable cop ( #27766 )  
						
						
						
						
					 
					
						2023-11-08 15:42:30 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e545978076 
							
						 
					 
					
						
						
							
							Use framework helpers instead of i-vars in controller specs ( #27767 )  
						
						
						
						
					 
					
						2023-11-08 08:17:43 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2e6bf60f15 
							
						 
					 
					
						
						
							
							Use deliveries.size in mailer-related examples in controller specs ( #27589 )  
						
						
						
						
					 
					
						2023-10-27 15:33:52 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6c5a2233a8 
							
						 
					 
					
						
						
							
							Fix RSpec/StubbedMock cop ( #25552 )  
						
						... 
						
						
						
						Co-authored-by: Claire <claire.github-309c@sitedethib.com> 
						
						
					 
					
						2023-07-12 10:20:10 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							05f9e39b32 
							
						 
					 
					
						
						
							
							Fix RSpec/VerifiedDoubles cop ( #25469 )  
						
						
						
						
					 
					
						2023-06-22 14:55:22 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6c0e3f490a 
							
						 
					 
					
						
						
							
							Fix RSpec/MissingExampleGroupArgument cop ( #25310 )  
						
						
						
						
					 
					
						2023-06-06 15:51:42 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0f2c16ac4b 
							
						 
					 
					
						
						
							
							Fix RSpec/NoExpectationExample cop ( #25103 )  
						
						
						
						
					 
					
						2023-05-26 09:41:12 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							604e1c2b11 
							
						 
					 
					
						
						
							
							Remove usage of random sample values in specs ( #24869 )  
						
						
						
						
					 
					
						2023-05-15 20:20:13 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							a610a02d4f 
							
						 
					 
					
						
						
							
							Fix RSpec/ScatteredSetup cop ( #24848 )  
						
						
						
						
					 
					
						2023-05-11 10:32:09 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c97b611b6b 
							
						 
					 
					
						
						
							
							Fix RSpec/InferredSpecType cop ( #24736 )  
						
						
						
						
					 
					
						2023-05-04 05:49:53 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							710745e16b 
							
						 
					 
					
						
						
							
							Fix RSpec/ContextWording cop ( #24739 )  
						
						
						
						
					 
					
						2023-05-04 05:49:08 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d00e45a7d3 
							
						 
					 
					
						
						
							
							Fix Rails/I18nLocaleAssignment cop ( #24693 )  
						
						
						
						
					 
					
						2023-04-30 14:07:03 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e98c86050a 
							
						 
					 
					
						
						
							
							Refactor Cache-Control and Vary definitions ( #24347 )  
						
						
						
						
					 
					
						2023-04-19 16:07:29 +02:00 
						 
				 
			
				
					
						
							
							
								Matt Jankowski 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							688287c59d 
							
						 
					 
					
						
						
							
							Coverage improvement round-out following up previous work ( #23987 )  
						
						
						
						
					 
					
						2023-03-10 13:33:30 +01:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							84cc805cae 
							
						 
					 
					
						
						
							
							Enable Style/FrozenStringLiteralComment for specs ( #23790 )  
						
						
						
						
					 
					
						2023-02-22 09:55:31 +09:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5116347eb7 
							
						 
					 
					
						
						
							
							Autofix Rubocop RSpec/BeEq ( #23740 )  
						
						
						
						
					 
					
						2023-02-20 06:14:50 +01:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							4552685f6b 
							
						 
					 
					
						
						
							
							Autofix Rubocop RSpec/LeadingSubject ( #23670 )  
						
						
						
						
					 
					
						2023-02-20 13:24:14 +09:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							aef0051fd0 
							
						 
					 
					
						
						
							
							Enable Rubocop HTTP status rules ( #23717 )  
						
						
						
						
					 
					
						2023-02-20 11:16:40 +09:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							81ad6c2e39 
							
						 
					 
					
						
						
							
							Autofix Rubocop Style/StringLiterals ( #23695 )  
						
						
						
						
					 
					
						2023-02-19 07:38:14 +09:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							634368c491 
							
						 
					 
					
						
						
							
							Autofix Rubocop Lint/SymbolConversion ( #23683 )  
						
						
						
						
					 
					
						2023-02-18 03:23:49 +01:00 
						 
				 
			
				
					
						
							
							
								Nick Schonning 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							669f6d2c0a 
							
						 
					 
					
						
						
							
							Run rubocop formatting except line length ( #23632 )  
						
						
						
						
					 
					
						2023-02-18 06:56:20 +09:00 
						 
				 
			
				
					
						
							
							
								Francis Murillo 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5fb1c3e934 
							
						 
					 
					
						
						
							
							Revoke all authorized applications on password reset ( #21325 )  
						
						... 
						
						
						
						* Clear sessions on password change
* Rename User::clear_sessions to revoke_access for a clearer meaning
* Add reset paassword controller test
* Use User.find instead of User.find_for_authentication for reset password test
* Use redirect and render for better test meaning in reset password
Co-authored-by: Effy Elden <effy@effy.space> 
						
						
					 
					
						2022-12-15 15:47:06 +01:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							327eed0076 
							
						 
					 
					
						
						
							
							Fix suspicious sign-in mails never being sent ( #18599 )  
						
						... 
						
						
						
						* Add tests
* Fix suspicious sign-in mails never being sent 
						
						
					 
					
						2022-06-21 15:16:22 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6221b36b27 
							
						 
					 
					
						
						
							
							Remove sign-in token authentication, instead send e-mail about new sign-in ( #17970 )  
						
						
						
						
					 
					
						2022-04-06 20:58:12 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e38fc319dc 
							
						 
					 
					
						
						
							
							Refactor and improve tests ( #17386 )  
						
						... 
						
						
						
						* Change account and user fabricators to simplify and improve tests
- `Fabricate(:account)` implicitly fabricates an associated `user` if
  no `domain` attribute is given (an account with `domain: nil` is
  considered a local account, but no user record was created), unless
  `user: nil` is passed
- `Fabricate(:account, user: Fabricate(:user))` should still be possible
  but is discouraged.
* Fix and refactor tests
- avoid passing unneeded attributes to `Fabricate(:user)` or
  `Fabricate(:account)`
- avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other
  way around
- prefer `Fabricate(:user, account_attributes: …)` to
  `Fabricate(:user, account: Fabricate(:account, …)`
- also, some tests were using remote accounts with local user records, which is
  not representative of production code. 
						
						
					 
					
						2022-01-28 00:46:42 +01:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8e84ebf0cb 
							
						 
					 
					
						
						
							
							Remove IP tracking columns from users table ( #16409 )  
						
						
						
						
					 
					
						2022-01-16 13:23:50 +01:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							24f9ea7818 
							
						 
					 
					
						
						
							
							Fix webauthn secure key authentication ( #16792 )  
						
						... 
						
						
						
						* Add tests
* Fix webauthn secure key authentication
Fixes  #16769  
						
						
					 
					
						2021-09-30 05:26:29 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							94bcf45321 
							
						 
					 
					
						
						
							
							Fix authentication failures after going halfway through a sign-in attempt ( #16607 )  
						
						... 
						
						
						
						* Add tests
* Add security-related tests
My first (unpublished) attempt at fixing the issues introduced (extremely
hard-to-exploit) security vulnerabilities, addressing them in a test.
* Fix authentication failures after going halfway through a sign-in attempt
* Refactor `authenticate_with_sign_in_token` and `authenticate_with_two_factor` to make the two authentication steps more obvious 
						
						
					 
					
						2021-08-25 22:52:41 +02:00 
						 
				 
			
				
					
						
							
							
								Claire 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8c44b723bb 
							
						 
					 
					
						
						
							
							Change confirmations controller to redirect to / for approved users ( #16151 )  
						
						... 
						
						
						
						Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases. 
						
						
					 
					
						2021-05-03 15:45:19 +02:00 
						 
				 
			
				
					
						
							
							
								Eugen Rochko 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9aa37b32c3 
							
						 
					 
					
						
						
							
							Add details to error response for POST /api/v1/accounts in REST API ( #15803 )  
						
						
						
						
					 
					
						2021-03-01 04:59:13 +01:00