- add tests for reset token functionality;

- add test to ensure that disable preserves existing token secrets; - move existing token tests to disable_token for clarity;
wmlele · Jun 5, 2024 · 3cf94b9 · 3cf94b9
1 parent 38de469
commit 3cf94b9
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 32 deletions.
diff --git a/test/integration/disable_token_test.rb b/test/integration/disable_token_test.rb
@@ -0,0 +1,53 @@
+require "test_helper"
+require "integration_tests_helper"
+
+class DisableTokenTest < ActionDispatch::IntegrationTest
+
+  def setup
+    # log in 1fa
+    @user = enable_otp_and_sign_in
+    assert_equal user_otp_credential_path, current_path
+
+    # otp 2fa
+    fill_in "user_token", with: ROTP::TOTP.new(@user.otp_auth_secret).at(Time.now)
+    click_button "Submit Token"
+    assert_equal root_path, current_path
+  end
+
+  def teardown
+    Capybara.reset_sessions!
+  end
+
+  test "disabling OTP after successfully enabling" do
+    # disable OTP
+    disable_otp
+
+    assert page.has_content? "Disabled"
+
+    # logout
+    sign_out
+
+    # log back in 1fa
+    sign_user_in(@user)
+
+    assert_equal root_path, current_path
+  end
+
+  test "disabling OTP does not reset token secrets" do
+    # get otp secrets
+    @user.reload
+    auth_secret = @user.otp_auth_secret
+    recovery_secret = @user.otp_recovery_secret
+
+    # disable OTP
+    disable_otp
+
+    # compare otp secrets
+    assert_not_nil @user.otp_auth_secret
+    assert_equal @user.otp_auth_secret, auth_secret
+
+    assert_not_nil @user.otp_recovery_secret
+    assert_equal @user.otp_recovery_secret, recovery_secret
+  end
+
+end
diff --git a/test/integration/reset_token_test.rb b/test/integration/reset_token_test.rb
@@ -0,0 +1,45 @@
+require "test_helper"
+require "integration_tests_helper"
+
+class ResetTokenTest < ActionDispatch::IntegrationTest
+
+  def setup
+    # log in 1fa
+    @user = enable_otp_and_sign_in
+    assert_equal user_otp_credential_path, current_path
+
+    # otp 2fa
+    fill_in "user_token", with: ROTP::TOTP.new(@user.otp_auth_secret).at(Time.now)
+    click_button "Submit Token"
+    assert_equal root_path, current_path
+  end
+
+
+  def teardown
+    Capybara.reset_sessions!
+  end
+
+  test "redirects to otp_tokens#edit page" do
+    reset_otp
+
+    assert_equal "/users/otp/token/edit", current_path
+  end
+
+  test "generates new token secrets" do
+    # get auth secrets
+    auth_secret = @user.otp_auth_secret
+    recovery_secret = @user.otp_recovery_secret
+
+    # reset otp
+    reset_otp
+
+    # compare auth secrets
+    @user.reload
+    assert_not_nil @user.otp_auth_secret
+    assert_not_equal @user.otp_auth_secret, auth_secret
+
+    assert_not_nil @user.otp_recovery_secret
+    assert_not_equal @user.otp_recovery_secret, recovery_secret
+  end
+
+end
diff --git a/test/integration/token_test.rb b/test/integration/token_test.rb
diff --git a/test/integration_tests_helper.rb b/test/integration_tests_helper.rb
@@ -59,6 +59,11 @@ def disable_otp
     click_button "Disable Two-Factor Authentication"
   end
 
+  def reset_otp
+    visit user_otp_token_path
+    click_button "Reset Token Secret"
+  end
+
   def sign_out
     logout :user
   end