Move remembered device feature specs to controller specs

spec/controllers/users/backup_code_setup_controller_spec.rb

@@ -32,6 +32,17 @@
     expect(user.backup_code_configurations.length).to eq BackupCodeGenerator::NUMBER_OF_CODES
   end
 
+  it 'creating backup codes revokes remember device cookies' do
+    user = create(:user, :signed_up)
+    stub_sign_in(user)
+    expect(user.remember_device_revoked_at).to eq nil
+
+    freeze_time do
+      post :create
+      expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+    end
+  end
+
   it 'deletes backup codes' do
     user = build(:user, :signed_up, :with_authentication_app, :with_backup_code)
     stub_sign_in(user)
@@ -43,6 +54,17 @@
     expect(user.backup_code_configurations.length).to eq 0
   end
 
+  it 'deleting backup codes revokes remember device cookies' do
+    user = build(:user, :signed_up, :with_authentication_app, :with_backup_code)
+    stub_sign_in(user)
+    expect(user.remember_device_revoked_at).to eq nil
+
+    freeze_time do
+      post :delete
+      expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+    end
+  end
+
   it 'does not deletes backup codes if they are the only mfa' do
     user = build(:user, :with_backup_code)
     stub_sign_in(user)

spec/controllers/users/edit_phone_controller_spec.rb

@@ -81,6 +81,15 @@
       expect(PhoneConfiguration.find_by(id: phone_configuration.id)).to eq(nil)
     end
 
+    it 'revokes remember device cookies' do
+      stub_sign_in(user.reload)
+      expect(user.remember_device_revoked_at).to eq nil
+      freeze_time do
+        delete :destroy, params: { id: phone_configuration.id }
+        expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+      end
+    end
+
     context 'when the user will not have enough phone configurations after deleting' do
       let(:user) { create(:user, :with_phone) }
       let(:phone_configuration) { user.phone_configurations.first }

spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb

@@ -242,9 +242,11 @@
         end
 
         it 'resets the remember device revocation date/time' do
-          delete :delete, params: { id: piv_cac_configuration_id }
-          expect(subject.current_user.reload.remember_device_revoked_at.to_i).to \
-            be_within(1).of(Time.zone.now.to_i)
+          expect(user.remember_device_revoked_at).to eq nil
+          freeze_time do
+            delete :delete, params: { id: piv_cac_configuration_id }
+            expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+          end
         end
 
         it 'removes the piv/cac information from the user session' do

spec/controllers/users/totp_setup_controller_spec.rb

@@ -398,6 +398,18 @@
         expect(@analytics).to have_received(:track_event).with('TOTP: User Disabled')
         expect(subject).to have_received(:create_user_event).with(:authenticator_disabled)
       end
+
+      it 'revokes remember device cookies' do
+        user = create(:user, :signed_up, :with_phone)
+        totp_app = user.auth_app_configurations.create(otp_secret_key: 'foo', name: 'My Auth App')
+        user.save
+        stub_sign_in(user)
+        expect(user.remember_device_revoked_at).to eq nil
+        freeze_time do
+          delete :disable, params: { id: totp_app.id }
+          expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+        end
+      end
     end
 
     context 'when totp is the last mfa method' do

spec/controllers/users/webauthn_setup_controller_spec.rb

@@ -119,6 +119,14 @@
         ).to eq 1
       end
 
+      it 'revokes remember device cookies' do
+        expect(user.remember_device_revoked_at).to eq nil
+        freeze_time do
+          delete :delete, params: { id: webauthn_configuration.id }
+          expect(user.reload.remember_device_revoked_at).to eq Time.zone.now
+        end
+      end
+
       it 'tracks the delete in analytics' do
         result = {
           success: true,

spec/features/remember_device/revocation_spec.rb

@@ -7,133 +7,6 @@
     allow(IdentityConfig.store).to receive(:otp_delivery_blocklist_maxretry).and_return(1000)
   end
 
-  context 'phone' do
-    let(:user) { create(:user, :signed_up) }
-
-    it 'revokes remember device when removed' do
-      create(:webauthn_configuration, user: user) # The user needs multiple methods to delete phone
-
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      click_link(
-        t('forms.buttons.manage'),
-        href: manage_phone_path(id: user.phone_configurations.first.id),
-      )
-      click_on t('forms.phone.buttons.delete')
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
-  context 'webauthn' do
-    let(:user) { create(:user, :signed_up, :with_webauthn) }
-
-    it 'revokes remember device when removed' do
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      click_on t('account.index.webauthn_delete')
-      click_on t('account.index.webauthn_confirm_delete')
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
-  context 'webauthn platform' do
-    let(:user) { create(:user, :signed_up, :with_webauthn_platform) }
-
-    it 'revokes remember device when removed' do
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      click_on t('account.index.webauthn_platform_delete')
-      click_on t('account.index.webauthn_platform_confirm_delete')
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
-  context 'piv/cac' do
-    let(:user) { create(:user, :signed_up, :with_piv_or_cac) }
-
-    it 'revokes remember device when removed' do
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      page.find('.remove-piv').click
-      click_on t('account.index.piv_cac_confirm_delete')
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
-  context 'totp' do
-    let(:user) { create(:user, :signed_up, :with_authentication_app) }
-
-    it 'revokes remember device when removed' do
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      page.find('.remove-auth-app').click # Delete
-      click_on t('account.index.totp_confirm_delete')
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
-  context 'backup codes' do
-    let(:user) { create(:user, :signed_up, :with_authentication_app, :with_backup_code) }
-
-    it 'revokes remember device when regenerated' do
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      click_on t('forms.backup_code.regenerate')
-      click_on t('account.index.backup_code_confirm_regenerate')
-      expect(page).to have_content(t('forms.backup_code.subtitle'))
-      click_continue
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-
-    it 'revokes remember device when removed' do
-      user.backup_code_configurations.destroy_all
-      sign_in_with_remember_device_and_sign_out
-
-      sign_in_user(user)
-      visit account_two_factor_authentication_path
-      click_on t('forms.backup_code.generate')
-      click_continue
-      click_continue
-
-      expect(user.reload.backup_code_configurations).to_not be_empty
-
-      click_link(
-        t('forms.buttons.delete'),
-        href: backup_code_delete_path,
-      )
-      click_on t('account.index.backup_code_confirm_delete')
-
-      expect(user.reload.backup_code_configurations).to be_empty
-
-      first(:link, t('links.sign_out')).click
-
-      expect_mfa_to_be_required_for_user(user)
-    end
-  end
-
   context 'clicking forget browsers' do
     let(:user) { create(:user, :signed_up) }