Commit 298eb449 authored by Timothy Andrew's avatar Timothy Andrew

Update `u2f_spec` to cover U2F being disabled until authenticator is set up.

parent fbb06125
...@@ -12,39 +12,24 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -12,39 +12,24 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
describe "registration" do describe "registration" do
let(:user) { create(:user) } let(:user) { create(:user) }
before { login_as(user) }
describe 'when 2FA via OTP is disabled' do before do
it 'allows registering a new device' do login_as(user)
visit profile_account_path user.update_attribute(:otp_required_for_login, true)
click_on 'Enable Two-Factor Authentication'
register_u2f_device
expect(page.body).to match('Your U2F device was registered')
end end
it 'allows registering more than one device' do describe 'when 2FA via OTP is disabled' do
visit profile_account_path before { user.update_attribute(:otp_required_for_login, false) }
# First device it 'does not allow registering a new device' do
visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Enable Two-Factor Authentication'
register_u2f_device
expect(page.body).to match('Your U2F device was registered')
# Second device
click_on 'Manage Two-Factor Authentication'
register_u2f_device
expect(page.body).to match('Your U2F device was registered')
click_on 'Manage Two-Factor Authentication'
expect(page.body).to match('You have 2 U2F devices registered') expect(page).to have_button('Setup New U2F Device', disabled: true)
end end
end end
describe 'when 2FA via OTP is enabled' do describe 'when 2FA via OTP is enabled' do
before { user.update_attributes(otp_required_for_login: true) }
it 'allows registering a new device' do it 'allows registering a new device' do
visit profile_account_path visit profile_account_path
click_on 'Manage Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
...@@ -67,7 +52,6 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -67,7 +52,6 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
click_on 'Manage Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
register_u2f_device register_u2f_device
expect(page.body).to match('Your U2F device was registered') expect(page.body).to match('Your U2F device was registered')
click_on 'Manage Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
expect(page.body).to match('You have 2 U2F devices registered') expect(page.body).to match('You have 2 U2F devices registered')
end end
...@@ -76,15 +60,16 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -76,15 +60,16 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
it 'allows the same device to be registered for multiple users' do it 'allows the same device to be registered for multiple users' do
# First user # First user
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
u2f_device = register_u2f_device u2f_device = register_u2f_device
expect(page.body).to match('Your U2F device was registered') expect(page.body).to match('Your U2F device was registered')
logout logout
# Second user # Second user
login_as(:user) user = login_as(:user)
user.update_attribute(:otp_required_for_login, true)
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
register_u2f_device(u2f_device) register_u2f_device(u2f_device)
expect(page.body).to match('Your U2F device was registered') expect(page.body).to match('Your U2F device was registered')
...@@ -94,7 +79,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -94,7 +79,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
context "when there are form errors" do context "when there are form errors" do
it "doesn't register the device if there are errors" do it "doesn't register the device if there are errors" do
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
# Have the "u2f device" respond with bad data # Have the "u2f device" respond with bad data
page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };") page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };")
...@@ -109,7 +94,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -109,7 +94,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
it "allows retrying registration" do it "allows retrying registration" do
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
# Failed registration # Failed registration
page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };") page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };")
...@@ -133,8 +118,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -133,8 +118,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
before do before do
# Register and logout # Register and logout
login_as(user) login_as(user)
user.update_attribute(:otp_required_for_login, true)
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
@u2f_device = register_u2f_device @u2f_device = register_u2f_device
logout logout
end end
...@@ -154,7 +140,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -154,7 +140,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
describe "when 2FA via OTP is enabled" do describe "when 2FA via OTP is enabled" do
it "allows logging in with the U2F device" do it "allows logging in with the U2F device" do
user.update_attributes(otp_required_for_login: true) user.update_attribute(:otp_required_for_login, true)
login_with(user) login_with(user)
@u2f_device.respond_to_u2f_authentication @u2f_device.respond_to_u2f_authentication
...@@ -171,8 +157,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -171,8 +157,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
it "does not allow logging in with that particular device" do it "does not allow logging in with that particular device" do
# Register current user with the different U2F device # Register current user with the different U2F device
current_user = login_as(:user) current_user = login_as(:user)
current_user.update_attribute(:otp_required_for_login, true)
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
register_u2f_device register_u2f_device
logout logout
...@@ -191,8 +178,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -191,8 +178,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
it "allows logging in with that particular device" do it "allows logging in with that particular device" do
# Register current user with the same U2F device # Register current user with the same U2F device
current_user = login_as(:user) current_user = login_as(:user)
current_user.update_attribute(:otp_required_for_login, true)
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
register_u2f_device(@u2f_device) register_u2f_device(@u2f_device)
logout logout
...@@ -227,8 +215,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature: ...@@ -227,8 +215,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
before do before do
login_as(user) login_as(user)
user.update_attribute(:otp_required_for_login, true)
visit profile_account_path visit profile_account_path
click_on 'Enable Two-Factor Authentication' click_on 'Manage Two-Factor Authentication'
register_u2f_device register_u2f_device
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment