diff --git a/spec/controllers/settings/two_factor_authentications_controller_spec.rb b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
index 25d7a928..4d1a01fc 100644
--- a/spec/controllers/settings/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
@@ -6,47 +6,70 @@ describe Settings::TwoFactorAuthenticationsController do render_views let(:user) { Fabricate(:user) } - before do - sign_in user, scope: :user - end describe 'GET #show' do - describe 'when user requires otp for login already' do - it 'returns http success' do - user.update(otp_required_for_login: true) - get :show + context 'when signed in' do + before do + sign_in user, scope: :user + end - expect(response).to have_http_status(:success) + describe 'when user requires otp for login already' do + it 'returns http success' do + user.update(otp_required_for_login: true) + get :show + + expect(response).to have_http_status(:success) + end + end + + describe 'when user does not require otp for login' do + it 'returns http success' do + user.update(otp_required_for_login: false) + get :show + + expect(response).to have_http_status(:success) + end end end - describe 'when user does not require otp for login' do - it 'returns http success' do - user.update(otp_required_for_login: false) + context 'when not signed in' do + it 'redirects' do get :show - - expect(response).to have_http_status(:success) + expect(response).to redirect_to '/auth/sign_in' end end end describe 'POST #create' do - describe 'when user requires otp for login already' do - it 'redirects to show page' do - user.update(otp_required_for_login: true) - post :create + context 'when signed in' do + before do + sign_in user, scope: :user + end - expect(response).to redirect_to(settings_two_factor_authentication_path) + describe 'when user requires otp for login already' do + it 'redirects to show page' do + user.update(otp_required_for_login: true) + post :create + + expect(response).to redirect_to(settings_two_factor_authentication_path) + end + end + + describe 'when creation succeeds' do + it 'updates user secret' do + before = user.otp_secret + post :create + + expect(user.reload.otp_secret).not_to eq(before) + expect(response).to 
redirect_to(new_settings_two_factor_authentication_confirmation_path) + end end end - describe 'when creation succeeds' do - it 'updates user secret' do - before = user.otp_secret - post :create - - expect(user.reload.otp_secret).not_to eq(before) - expect(response).to redirect_to(new_settings_two_factor_authentication_confirmation_path) + context 'when not signed in' do + it 'redirects' do + get :show + expect(response).to redirect_to '/auth/sign_in' end end end @@ -55,12 +78,19 @@ describe Settings::TwoFactorAuthenticationsController do before do user.update(otp_required_for_login: true) end - it 'turns off otp requirement' do + + it 'turns off otp requirement if signed in' do + sign_in user, scope: :user post :destroy expect(response).to redirect_to(settings_two_factor_authentication_path) user.reload expect(user.otp_required_for_login).to eq(false) end + + it 'redirects if not signed in' do + get :show + expect(response).to redirect_to '/auth/sign_in' + end end end
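Review bot: The 'when not signed in' example added under `describe 'POST #create'` issues `get :show`, so it repeats the GET #show check and never sends an unauthenticated request to the create action; it should call `post :create`. The same copy-paste is in the second hunk, where 'redirects if not signed in' sits in the destroy block but also calls `get :show` instead of `post :destroy`. As written, the spec would still pass if the sign-in requirement were missing on either state-changing action, and destroy is the one that turns off the OTP requirement. After the unauthenticated destroy it is also worth asserting that nothing changed, e.g. `expect(user.reload.otp_required_for_login).to eq(true)`, since that block's `before` sets it to true.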