From 45e1017c6bb25c14c53a9e11cb5fe91dbf0065ff Mon Sep 17 00:00:00 2001
From: Laney Stroup
Date: Wed, 5 Jun 2024 05:15:56 +0900
Subject: [PATCH] - add tests for reset token functionality; - add test to ensure that disable preserves existing token secrets; - move existing token tests to disable_token for clarity;
---
 test/integration/disable_token_test.rb | 53 ++++++++++++++++++++++++++
 test/integration/reset_token_test.rb | 45 ++++++++++++++++++++++
 test/integration/token_test.rb | 32 ----------------
 test/integration_tests_helper.rb | 5 +++
 4 files changed, 103 insertions(+), 32 deletions(-)
 create mode 100644 test/integration/disable_token_test.rb
 create mode 100644 test/integration/reset_token_test.rb
 delete mode 100644 test/integration/token_test.rb
diff --git a/test/integration/disable_token_test.rb b/test/integration/disable_token_test.rb
new file mode 100644
index 0000000..ff3efbe
--- /dev/null
+++ b/test/integration/disable_token_test.rb
@@ -0,0 +1,53 @@
+require "test_helper"
+require "integration_tests_helper"
+
+class DisableTokenTest < ActionDispatch::IntegrationTest
+
+ def setup
+ # log in 1fa
+ @user = enable_otp_and_sign_in
+ assert_equal user_otp_credential_path, current_path
+
+ # otp 2fa
+ fill_in "user_token", with: ROTP::TOTP.new(@user.otp_auth_secret).at(Time.now)
+ click_button "Submit Token"
+ assert_equal root_path, current_path
+ end
+
+ def teardown
+ Capybara.reset_sessions!
+ end
+
+ test "disabling OTP after successfully enabling" do
+ # disable OTP
+ disable_otp
+
+ assert page.has_content? "Disabled"
+
+ # logout
+ sign_out
+
+ # log back in 1fa
+ sign_user_in(@user)
+
+ assert_equal root_path, current_path
+ end
+
+ test "disabling OTP does not reset token secrets" do
+ # get otp secrets
+ @user.reload
+ auth_secret = @user.otp_auth_secret
+ recovery_secret = @user.otp_recovery_secret
+
+ # disable OTP
+ disable_otp
+
+ # compare otp secrets
+ assert_not_nil @user.otp_auth_secret
+ assert_equal @user.otp_auth_secret, auth_secret
+
+ assert_not_nil @user.otp_recovery_secret
+ assert_equal @user.otp_recovery_secret, recovery_secret
+ end
+
+end
diff --git a/test/integration/reset_token_test.rb b/test/integration/reset_token_test.rb
new file mode 100644
index 0000000..a6eba69
--- /dev/null
+++ b/test/integration/reset_token_test.rb
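Review bot: The "disabling OTP does not reset token secrets" test reloads `@user` before capturing the secrets but not after `disable_otp`, so the four closing assertions compare the record's own in-memory attributes with themselves and would pass even if the disable action cleared or rotated the stored secrets. Move the reload to after the action, `disable_otp` followed by `@user.reload` and then the comparisons, or add a second `@user.reload` there, which is what the reset test in this same commit already does. `assert page.has_content? "Disabled"` would also read more clearly, and avoid Ruby's ambiguous-argument warning, as `assert page.has_content?("Disabled")`.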
@@ -0,0 +1,45 @@
+require "test_helper"
+require "integration_tests_helper"
+
+class ResetTokenTest < ActionDispatch::IntegrationTest
+
+ def setup
+ # log in 1fa
+ @user = enable_otp_and_sign_in
+ assert_equal user_otp_credential_path, current_path
+
+ # otp 2fa
+ fill_in "user_token", with: ROTP::TOTP.new(@user.otp_auth_secret).at(Time.now)
+ click_button "Submit Token"
+ assert_equal root_path, current_path
+ end
+
+
+ def teardown
+ Capybara.reset_sessions!
+ end
+
+ test "redirects to otp_tokens#edit page" do
+ reset_otp
+
+ assert_equal "/users/otp/token/edit", current_path
+ end
+
+ test "generates new token secrets" do
+ # get auth secrets
+ auth_secret = @user.otp_auth_secret
+ recovery_secret = @user.otp_recovery_secret
+
+ # reset otp
+ reset_otp
+
+ # compare auth secrets
+ @user.reload
+ assert_not_nil @user.otp_auth_secret
+ assert_not_equal @user.otp_auth_secret, auth_secret
+
+ assert_not_nil @user.otp_recovery_secret
+ assert_not_equal @user.otp_recovery_secret, recovery_secret
+ end
+
+end
diff --git a/test/integration/token_test.rb b/test/integration/token_test.rb
deleted file mode 100644
index ed2f63d..0000000
--- a/test/integration/token_test.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-require "test_helper"
-require "integration_tests_helper"
-
-class TokenTest < ActionDispatch::IntegrationTest
- def teardown
- Capybara.reset_sessions!
- end
-
- test "disabling OTP after successfully enabling" do
- # log in 1fa
- user = enable_otp_and_sign_in
- assert_equal user_otp_credential_path, current_path
-
- # otp 2fa
- fill_in "user_token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
- click_button "Submit Token"
- assert_equal root_path, current_path
-
- # disable OTP
- disable_otp
-
- assert page.has_content? "Disabled"
-
- # logout
- sign_out
-
- # log back in 1fa
- sign_user_in(user)
-
- assert_equal root_path, current_path
- end
-end
diff --git a/test/integration_tests_helper.rb b/test/integration_tests_helper.rb
index c22a8e0..d25844a 100644
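Review bot: `assert_equal "/users/otp/token/edit", current_path` in "redirects to otp_tokens#edit page" hard-codes a route that the rest of this file expresses through route helpers (`user_otp_credential_path`, `root_path`); if the token edit route has a named helper, the assertion should use it so a route rename fails for the right reason rather than on a stale string. The "generates new token secrets" test shows the stored secrets changed but not that the rotation took effect for authentication; an additional step that signs out, signs back in and submits a code computed from the saved `auth_secret`, asserting it is rejected, would cover what a reset is meant to guarantee. The two consecutive blank lines before `def teardown` are one more than the surrounding methods use.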
--- a/test/integration_tests_helper.rb
+++ b/test/integration_tests_helper.rb
@@ -48,6 +48,11 @@ def disable_otp
 click_button "Disable Two-Factor Authentication"
 end
 
+ def reset_otp
+ visit user_otp_token_path
+ click_button "Reset Token Secret"
+ end
+
 def sign_out
 logout :user
 end