Skip to content

LG-11454: Improve robustness of WebAuthn controller specs #9783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aduth merged 2 commits into from
Dec 18, 2023
Merged

LG-11454: Improve robustness of WebAuthn controller specs #9783

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ad670f6
LG-11454: Improve robustness of WebauthnController#edit specs
aduth Dec 18, 2023
932e9fc
Add additional specs for update/delete
aduth Dec 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,30 @@
expect(response.status).to eq(401)
end
end

context 'with a configuration that does not exist' do
let(:params) { { id: 0 } }

it 'responds with unsuccessful result' do
expect(response_body).to eq(
success: false,
error: t('errors.manage_authenticator.internal_error'),
)
expect(response.status).to eq(400)
end
end

context 'with a configuration that does not belong to the user' do
let(:configuration) { create(:webauthn_configuration) }

it 'responds with unsuccessful result' do
expect(response_body).to eq(
success: false,
error: t('errors.manage_authenticator.internal_error'),
)
expect(response.status).to eq(400)
end
end
end

describe '#destroy' do
Expand Down Expand Up @@ -145,5 +169,29 @@
expect(response.status).to eq(401)
end
end

context 'with a configuration that does not exist' do
let(:params) { { id: 0 } }

it 'responds with unsuccessful result' do
expect(response_body).to eq(
success: false,
error: t('errors.manage_authenticator.internal_error'),
)
expect(response.status).to eq(400)
Copy link
Contributor

@zachmargolis zachmargolis Dec 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in other apps I've considered these 404's? 🤷

Copy link
Contributor Author

@aduth aduth Dec 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in other apps I've considered these 404's? 🤷

That's a good point. This feels partly like a limitation of the FormResponse pattern we're using, since there's not a built-in way for an added error to signal that it should trigger a specific HTTP status code.

A couple options could be:

Copy link
Contributor

@zachmargolis zachmargolis Dec 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

its probably not worth all that for this PR

Copy link
Contributor Author

@aduth aduth Dec 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'll merge this as-is, but I'd be motivated to try to find a solution to the problem described above, since it's likely we'd continue to run into it if we build more JSON API controllers.

end
end

context 'with a configuration that does not belong to the user' do
let(:configuration) { create(:webauthn_configuration) }

it 'responds with unsuccessful result' do
expect(response_body).to eq(
success: false,
error: t('errors.manage_authenticator.internal_error'),
)
expect(response.status).to eq(400)
end
end
end
end
67 changes: 67 additions & 0 deletions spec/controllers/users/webauthn_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,41 @@
expect(assigns(:form)).to be_kind_of(TwoFactorAuthentication::WebauthnUpdateForm)
expect(assigns(:form).configuration).to eq(configuration)
end

context 'signed out' do
let(:user) { nil }
let(:configuration) { create(:webauthn_configuration) }

it 'redirects to sign-in page' do
expect(response).to redirect_to(new_user_session_url)
end
end

context 'not recently authenticated' do
before do
allow(controller).to receive(:recently_authenticated_2fa?).and_return(false)
end

it 'redirects to reauthenticate' do
expect(response).to redirect_to(login_two_factor_options_path)
end
end

context 'editing a configuration that does not exist' do
let(:params) { { id: 0 } }

it 'renders not found' do
expect(response).to be_not_found
end
end

context 'editing a configuration that does not belong to the user' do
let(:configuration) { create(:webauthn_configuration) }

it 'renders not found' do
expect(response).to be_not_found
end
end
end

describe '#update' do
Expand Down Expand Up @@ -87,6 +122,22 @@
expect(response).to redirect_to(login_two_factor_options_path)
end
end

context 'with a configuration that does not exist' do
let(:params) { { id: 0 } }

it 'renders not found' do
expect(response).to be_not_found
end
end

context 'with a configuration that does not belong to the user' do
let(:configuration) { create(:webauthn_configuration) }

it 'renders not found' do
expect(response).to be_not_found
end
end
end

describe '#destroy' do
Expand Down Expand Up @@ -154,5 +205,21 @@
expect(response).to redirect_to(login_two_factor_options_path)
end
end

context 'with a configuration that does not exist' do
let(:params) { { id: 0 } }

it 'renders not found' do
expect(response).to be_not_found
end
end

context 'with a configuration that does not belong to the user' do
let(:configuration) { create(:webauthn_configuration) }

it 'renders not found' do
expect(response).to be_not_found
end
end
end
end