github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 14:12:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Review Changes for f4f8a293e7.

Browse Source
This commit is contained in:
Guo Xiang Tan
2018-02-20 14:44:51 +08:00
parent f4f8a293e7
commit 14f3594f9f
47 changed files with 843 additions and 492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
spec/controllers/session_controller_spec.rb
View File

@ -585,34 +585,50 @@ describe SessionController do
end
context 'when user has 2-factor logins' do
second_factor_data = "rcyryaqage3jexfj"
before do
user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: second_factor_data, enabled: true)
end
let!(:user_second_factor) { Fabricate(:user_second_factor, user: user) }
describe 'failure no 2-factor' do
it 'should return an error' do
describe 'when second factor token is missing' do
it 'should return the right response' do
post :create, params: {
login: user.username, password: 'myawesomepassword'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.invalid_second_factor_code'))
login: user.username,
password: 'myawesomepassword',
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t(
'login.invalid_second_factor_code'
))
end
end
describe 'successful 2-factor' do
it 'logs in correctly' do
events = DiscourseEvent.track_events do
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: ROTP::TOTP.new(second_factor_data).now
}, format: :json
end
expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
describe 'when second factor token is invalid' do
it 'should return the right response' do
post :create, params: {
login: user.username,
password: 'myawesomepassword',
second_factor_token: '00000000'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t(
'login.invalid_second_factor_code'
))
end
end
describe 'when second factor token is valid' do
it 'should log the user in' do
post :create, params: {
login: user.username,
password: 'myawesomepassword',
second_factor_token: ROTP::TOTP.new(user_second_factor.data).now
}, format: :json
user.reload
expect(session[:current_user_id]).to eq(user.id)
expect(user.user_auth_tokens.count).to eq(1)
expect(UserAuthToken.hash_token(cookies[:_t])).to eq(user.user_auth_tokens.first.auth_token)
expect(UserAuthToken.hash_token(cookies[:_t]))
.to eq(user.user_auth_tokens.first.auth_token)
end
end
end
@ -810,27 +826,32 @@ describe SessionController do
login: user.username, password: 'myawesomepassword'
}, format: :json
expect(response).not_to be_success
expect(response.status).to eq(429)
json = JSON.parse(response.body)
expect(json["error_type"]).to eq("rate_limit")
end
it 'rate limits second factor attempts' do
RateLimiter.enable
RateLimiter.clear_all!
3.times do
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: '000000'
}, format: :json
login: user.username,
password: 'myawesomepassword',
second_factor_token: '000000'
}, format: :json
expect(response).to be_success
end
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: '000000'
}, format: :json
login: user.username,
password: 'myawesomepassword',
second_factor_token: '000000'
}, format: :json
expect(response).not_to be_success
expect(response.status).to eq(429)
json = JSON.parse(response.body)
expect(json["error_type"]).to eq("rate_limit")
end