Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 09:10:25 +08:00
Code Packages Activity Actions 11

Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3.

Browse source
This commit is contained in:
Guo Xiang Tan 2018-02-20 14:44:51 +08:00
parent f4f8a293e7
commit 14f3594f9f
47 changed files with 843 additions and 492 deletions
Download patch file Download diff file Expand all files Collapse all files

13
spec/controllers/admin/users_controller_spec.rb
View file

@ -265,19 +265,6 @@ describe Admin::UsersController do
end
end
context '#disable_second_factor' do
before do
@another_user = Fabricate(:user)
SecondFactorHelper.create_totp(@another_user)
end
it 'disables the second factor' do
expect(User.find(@another_user.id).user_second_factor).not_to eq(nil)
put :disable_second_factor, params: { user_id: @another_user.id }, format: :json
expect(User.find(@another_user.id).user_second_factor).to eq(nil)
end
end
context '#add_group' do
let(:user) { Fabricate(:user) }
let(:group) { Fabricate(:group) }

69
spec/controllers/second_factor_controller_spec.rb
View file

@ -1,69 +0,0 @@
require 'rails_helper'
RSpec.describe SecondFactorController, type: :controller do
# featheredtoast-todo also write qunit tests.
describe '.create' do
let(:user) { Fabricate(:user) }
describe 'create 2fa request' do
it 'fails on incorrect password' do
post :create, params: {
login: user.username, password: 'wrongpassword'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t("login.incorrect_username_email_or_password"))
end
it 'succeeds on correct password' do
post :create, params: {
login: user.username, password: 'myawesomepassword'
}, format: :json
expect(JSON.parse(response.body).keys).to contain_exactly('key', 'qr')
end
end
end
describe '.update' do
let(:user) { Fabricate(:user) }
context 'when user has totp setup' do
second_factor_data = "rcyryaqage3jexfj"
before do
user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: second_factor_data)
end
it 'errors on incorrect code' do
post :update, params: {
username: user.username,
token: '000000',
enable: 'true'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t("login.invalid_second_factor_code"))
user.reload
end
it 'can be enabled' do
post :update, params: {
username: user.username,
token: ROTP::TOTP.new(second_factor_data).now,
enable: 'true'
}, format: :json
expect(JSON.parse(response.body)['result']).to eq('ok')
user.reload
expect(user.user_second_factor.enabled).to be true
end
it 'can be disabled' do
post :update, params: {
username: user.username,
enable: 'false',
token: ROTP::TOTP.new(second_factor_data).now
}, format: :json
expect(JSON.parse(response.body)['result']).to eq('ok')
user.reload
expect(user.user_second_factor).to be_nil
end
end
end
end

69
spec/controllers/session_controller_spec.rb
View file

@ -585,34 +585,50 @@ describe SessionController do
end
context 'when user has 2-factor logins' do
second_factor_data = "rcyryaqage3jexfj"
before do
user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: second_factor_data, enabled: true)
end
let!(:user_second_factor) { Fabricate(:user_second_factor, user: user) }
describe 'failure no 2-factor' do
it 'should return an error' do
describe 'when second factor token is missing' do
it 'should return the right response' do
post :create, params: {
login: user.username, password: 'myawesomepassword'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.invalid_second_factor_code'))
login: user.username,
password: 'myawesomepassword',
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t(
'login.invalid_second_factor_code'
))
end
end
describe 'successful 2-factor' do
it 'logs in correctly' do
events = DiscourseEvent.track_events do
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: ROTP::TOTP.new(second_factor_data).now
}, format: :json
end
expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
describe 'when second factor token is invalid' do
it 'should return the right response' do
post :create, params: {
login: user.username,
password: 'myawesomepassword',
second_factor_token: '00000000'
}, format: :json
expect(JSON.parse(response.body)['error']).to eq(I18n.t(
'login.invalid_second_factor_code'
))
end
end
describe 'when second factor token is valid' do
it 'should log the user in' do
post :create, params: {
login: user.username,
password: 'myawesomepassword',
second_factor_token: ROTP::TOTP.new(user_second_factor.data).now
}, format: :json
user.reload
expect(session[:current_user_id]).to eq(user.id)
expect(user.user_auth_tokens.count).to eq(1)
expect(UserAuthToken.hash_token(cookies[:_t])).to eq(user.user_auth_tokens.first.auth_token)
expect(UserAuthToken.hash_token(cookies[:_t]))
.to eq(user.user_auth_tokens.first.auth_token)
end
end
end
@ -810,27 +826,32 @@ describe SessionController do
login: user.username, password: 'myawesomepassword'
}, format: :json
expect(response).not_to be_success
expect(response.status).to eq(429)
json = JSON.parse(response.body)
expect(json["error_type"]).to eq("rate_limit")
end
it 'rate limits second factor attempts' do
RateLimiter.enable
RateLimiter.clear_all!
3.times do
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: '000000'
}, format: :json
login: user.username,
password: 'myawesomepassword',
second_factor_token: '000000'
}, format: :json
expect(response).to be_success
end
post :create, params: {
login: user.username, password: 'myawesomepassword', second_factor_token: '000000'
}, format: :json
login: user.username,
password: 'myawesomepassword',
second_factor_token: '000000'
}, format: :json
expect(response).not_to be_success
expect(response.status).to eq(429)
json = JSON.parse(response.body)
expect(json["error_type"]).to eq("rate_limit")
end

36
spec/controllers/users_controller_spec.rb
View file

@ -407,17 +407,11 @@ describe UsersController do
expect(UserAuthToken.where(id: user_token.id).count).to eq(1)
end
context '2-factor required' do
second_factor_data = "rcyryaqage3jexfj"
let(:user) { Fabricate(:user) }
before do
user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: second_factor_data, enabled: true)
end
context '2 factor authentication required' do
let!(:second_factor) { Fabricate(:user_second_factor, user: user) }
it 'does not change with an invalid token' do
token = user.email_tokens.create(email: user.email).token
token = user.email_tokens.create!(email: user.email).token
get :password_reset, params: { token: token }
@ -438,8 +432,11 @@ describe UsersController do
get :password_reset, params: { token: token }
put :password_reset,
params: { token: token, password: 'hg9ow8yHG32O', second_factor_token: ROTP::TOTP.new(second_factor_data).now }
put :password_reset, params: {
token: token,
password: 'hg9ow8yHG32O',
second_factor_token: ROTP::TOTP.new(second_factor.data).now
}
user.reload
expect(user.confirm_password?('hg9ow8yHG32O')).to eq(true)
@ -515,7 +512,7 @@ describe UsersController do
end
end
describe '.admin_login' do
describe '#admin_login' do
let(:admin) { Fabricate(:admin) }
let(:user) { Fabricate(:user) }
@ -555,14 +552,12 @@ describe UsersController do
end
end
context 'needs 2-factor' do
describe 'when 2 factor authentication is enabled' do
let(:second_factor) { Fabricate(:user_second_factor, user: admin) }
render_views
second_factor_data = "rcyryaqage3jexfj"
before do
admin.user_second_factor = UserSecondFactor.create(user_id: admin.id, method: "totp", data: second_factor_data, enabled: true)
end
it 'does not log in when token required' do
second_factor
token = admin.email_tokens.create(email: admin.email).token
get :admin_login, params: { token: token }
expect(response).not_to redirect_to('/')
@ -572,7 +567,12 @@ describe UsersController do
it 'logs in when a valid 2-factor token is given' do
token = admin.email_tokens.create(email: admin.email).token
put :admin_login, params: { token: token, second_factor_token: ROTP::TOTP.new(second_factor_data).now }
put :admin_login, params: {
token: token,
second_factor_token: ROTP::TOTP.new(second_factor.data).now
}
expect(response).to redirect_to('/')
expect(session[:current_user_id]).to eq(admin.id)
end