discourse/spec/controllers/second_factor_controller_spec.rb

require 'rails_helper'

RSpec.describe SecondFactorController, type: :controller do
  # featheredtoast-todo also write qunit tests.
  describe '.create' do

    let(:user) { Fabricate(:user) }

    describe 'create 2fa request' do
      it 'fails on incorrect password' do
        post :create, params: {
               login: user.username, password: 'wrongpassword'
             }, format: :json
        expect(JSON.parse(response.body)['error']).to eq(I18n.t("login.incorrect_username_email_or_password"))
      end

      it 'succeeds on correct password' do
        post :create, params: {
               login: user.username, password: 'myawesomepassword'
             }, format: :json
        expect(JSON.parse(response.body).keys).to contain_exactly('key', 'qr')
      end
    end
  end

  describe '.update' do
    let(:user) { Fabricate(:user) }

    context 'when user has totp setup' do
      second_factor_data = "rcyryaqage3jexfj"
      before do
        user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: second_factor_data)
      end

      it 'errors on incorrect code' do
        post :update, params: {
               username: user.username,
               token: '000000',
               enable: 'true'
             }, format: :json
        expect(JSON.parse(response.body)['error']).to eq(I18n.t("login.invalid_second_factor_code"))
        user.reload
      end

      it 'can be enabled' do
        post :update, params: {
               username: user.username,
               token: ROTP::TOTP.new(second_factor_data).now,
               enable: 'true'
             }, format: :json
        expect(JSON.parse(response.body)['result']).to eq('ok')
        user.reload
        expect(user.user_second_factor.enabled).to be true
      end

      it 'can be disabled' do
        post :update, params: {
               username: user.username,
               enable: 'false',
               token: ROTP::TOTP.new(second_factor_data).now
             }, format: :json
        expect(JSON.parse(response.body)['result']).to eq('ok')
        user.reload
        expect(user.user_second_factor).to be_nil
      end
    end
  end

end