173 lines
4.9 KiB
Ruby
173 lines
4.9 KiB
Ruby
|
require_relative '../../../spec_helper'
|
||
|
|
||
|
describe Carto::Api::MultifactorAuthenticationController do
|
||
|
include_context 'organization with users helper'
|
||
|
include Rack::Test::Methods
|
||
|
include Warden::Test::Helpers
|
||
|
|
||
|
before(:each) do
|
||
|
::User.any_instance.stubs(:validate_credentials_not_taken_in_central).returns(true)
|
||
|
::User.any_instance.stubs(:create_in_central).returns(true)
|
||
|
::User.any_instance.stubs(:update_in_central).returns(true)
|
||
|
::User.any_instance.stubs(:delete_in_central).returns(true)
|
||
|
::User.any_instance.stubs(:load_common_data).returns(true)
|
||
|
::User.any_instance.stubs(:reload_avatar).returns(true)
|
||
|
end
|
||
|
|
||
|
describe 'MFA show' do
|
||
|
after(:each) do
|
||
|
@org_user_1.user_multifactor_auths.each(&:destroy!)
|
||
|
end
|
||
|
|
||
|
it 'returns 401 for non authorized calls' do
|
||
|
get api_v2_organization_users_mfa_show_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'returns 401 for non authorized users' do
|
||
|
login(@org_user_1)
|
||
|
|
||
|
get api_v2_organization_users_mfa_show_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'correctly shows MFA configured' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
|
||
|
FactoryGirl.create(:totp, user_id: @org_user_1.id)
|
||
|
get api_v2_organization_users_mfa_show_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
expect(JSON.parse(last_response.body)['mfa_required']).to eq true
|
||
|
end
|
||
|
|
||
|
it 'correctly shows MFA not configured' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
|
||
|
get api_v2_organization_users_mfa_show_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
expect(JSON.parse(last_response.body)['mfa_required']).to eq false
|
||
|
end
|
||
|
end
|
||
|
|
||
|
describe 'MFA creation' do
|
||
|
after(:each) do
|
||
|
@org_user_1.user_multifactor_auths.each(&:destroy!)
|
||
|
end
|
||
|
|
||
|
it 'returns 401 for non authorized calls' do
|
||
|
post api_v2_organization_users_mfa_create_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'returns 401 for non authorized users' do
|
||
|
login(@org_user_1)
|
||
|
|
||
|
post api_v2_organization_users_mfa_create_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'correctly creates an MFA' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
|
||
|
expect {
|
||
|
post api_v2_organization_users_mfa_create_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
}.to change(@org_user_1.user_multifactor_auths, :count).by(1)
|
||
|
end
|
||
|
|
||
|
it 'raises an error if MFA already exists' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
|
||
|
FactoryGirl.create(:totp, user_id: @org_user_1.id)
|
||
|
post api_v2_organization_users_mfa_create_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
) do |response|
|
||
|
response.status.should eq 422
|
||
|
end
|
||
|
|
||
|
@org_user_1.reload
|
||
|
@org_user_1.user_multifactor_auths.count.should eq 1
|
||
|
end
|
||
|
end
|
||
|
|
||
|
describe 'MFA deletion' do
|
||
|
it 'returns 401 for non authorized calls' do
|
||
|
delete api_v2_organization_users_mfa_delete_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'returns 401 for non authorized users' do
|
||
|
login(@org_user_1)
|
||
|
|
||
|
delete api_v2_organization_users_mfa_delete_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
last_response.status.should == 401
|
||
|
end
|
||
|
|
||
|
it 'deletes MFA' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
FactoryGirl.create(:totp, user_id: @org_user_1.id)
|
||
|
|
||
|
expect {
|
||
|
delete api_v2_organization_users_mfa_delete_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
}.to change(@org_user_1.reload.user_multifactor_auths, :count).by(-1)
|
||
|
end
|
||
|
|
||
|
it 'raises an error if MFA does not exist' do
|
||
|
login(@organization.owner)
|
||
|
@organization.owner.reload
|
||
|
|
||
|
delete api_v2_organization_users_mfa_delete_url(
|
||
|
id_or_name: @organization.name,
|
||
|
u_username: @org_user_1.username,
|
||
|
type: 'totp'
|
||
|
)
|
||
|
|
||
|
last_response.status.should eq 422
|
||
|
end
|
||
|
end
|
||
|
end
|