diff --git a/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb b/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb
index 3d6c4d4a7df..ca10288202f 100644
--- a/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb
+++ b/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb
@@ -75,6 +75,30 @@
 expect(response.status).to eq(401)
 end
 end
+
+ context 'with a configuration that does not exist' do
+ let(:params) { { id: 0 } }
+
+ it 'responds with unsuccessful result' do
+ expect(response_body).to eq(
+ success: false,
+ error: t('errors.manage_authenticator.internal_error'),
+ )
+ expect(response.status).to eq(400)
+ end
+ end
+
+ context 'with a configuration that does not belong to the user' do
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'responds with unsuccessful result' do
+ expect(response_body).to eq(
+ success: false,
+ error: t('errors.manage_authenticator.internal_error'),
+ )
+ expect(response.status).to eq(400)
+ end
+ end
 end
 
 describe '#destroy' do
@@ -145,5 +169,29 @@
 expect(response.status).to eq(401)
 end
 end
+
+ context 'with a configuration that does not exist' do
+ let(:params) { { id: 0 } }
+
+ it 'responds with unsuccessful result' do
+ expect(response_body).to eq(
+ success: false,
+ error: t('errors.manage_authenticator.internal_error'),
+ )
+ expect(response.status).to eq(400)
+ end
+ end
+
+ context 'with a configuration that does not belong to the user' do
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'responds with unsuccessful result' do
+ expect(response_body).to eq(
+ success: false,
+ error: t('errors.manage_authenticator.internal_error'),
+ )
+ expect(response.status).to eq(400)
+ end
+ end
 end
 end
diff --git a/spec/controllers/users/webauthn_controller_spec.rb b/spec/controllers/users/webauthn_controller_spec.rb
index b87ba455b22..c8b89faf501 100644
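Review bot: The 'with a configuration that does not belong to the user' context in the first hunk (`@@ -75,6 +75,30 @@`) asserts only the 400 body, so a controller that changed the other account's authenticator and then returned the error would still pass. Once the request has run, the example should also check that the record is untouched, by comparing the attributes the request params would have changed. In the `#destroy` hunk (`@@ -145,5 +169,29 @@`) a line such as `expect { configuration.reload }.not_to raise_error` would cover it. The same gap appears in the `#update` and `#destroy` hunks of spec/controllers/users/webauthn_controller_spec.rb. The enclosing describe block and the definitions of `response` and `response_body` lie outside these hunks, so this assumes the request is issued when `response` is first referenced.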
--- a/spec/controllers/users/webauthn_controller_spec.rb
+++ b/spec/controllers/users/webauthn_controller_spec.rb
@@ -19,6 +19,41 @@
 expect(assigns(:form)).to be_kind_of(TwoFactorAuthentication::WebauthnUpdateForm)
 expect(assigns(:form).configuration).to eq(configuration)
 end
+
+ context 'signed out' do
+ let(:user) { nil }
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'redirects to sign-in page' do
+ expect(response).to redirect_to(new_user_session_url)
+ end
+ end
+
+ context 'not recently authenticated' do
+ before do
+ allow(controller).to receive(:recently_authenticated_2fa?).and_return(false)
+ end
+
+ it 'redirects to reauthenticate' do
+ expect(response).to redirect_to(login_two_factor_options_path)
+ end
+ end
+
+ context 'editing a configuration that does not exist' do
+ let(:params) { { id: 0 } }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
+
+ context 'editing a configuration that does not belong to the user' do
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
 end
 
 describe '#update' do
@@ -87,6 +122,22 @@
 expect(response).to redirect_to(login_two_factor_options_path)
 end
 end
+
+ context 'with a configuration that does not exist' do
+ let(:params) { { id: 0 } }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
+
+ context 'with a configuration that does not belong to the user' do
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
 end
 
 describe '#destroy' do
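Review bot: The 'does not exist' and 'does not belong to the user' contexts in the `@@ -19,6 +19,41 @@` hunk assert the same not-found response, but nothing records that the equivalence appears to be intentional. A one-line comment above the second context would guard against a later change to a forbidden or redirect response that reveals which ids are in use, for example `# Must match the missing-id case so another account's configuration ids cannot be told apart from unused ones.` The identical pair is repeated in the `#update` hunk (`@@ -87,6 +122,22 @@`) and the `#destroy` hunk (`@@ -154,5 +205,21 @@`), so a `shared_examples` block would state the property once. The definitions of `user`, `params` and `response` sit outside these hunks.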
@@ -154,5 +205,21 @@
 expect(response).to redirect_to(login_two_factor_options_path)
 end
 end
+
+ context 'with a configuration that does not exist' do
+ let(:params) { { id: 0 } }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
+
+ context 'with a configuration that does not belong to the user' do
+ let(:configuration) { create(:webauthn_configuration) }
+
+ it 'renders not found' do
+ expect(response).to be_not_found
+ end
+ end
 end
 end