Fix 2fa (#701)

2019-07-10 07:42:43 -05:00 · 2019-07-10 07:42:43 -05:00 · 1310166d74
parent 07b4804394
commit 1310166d74
6 changed files with 45 additions and 9 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -131,7 +131,7 @@ GEM
    parallel (1.17.0)
    parser (2.6.3.0)
      ast (~> 2.4.0)
-    public_suffix (3.1.0)
+    public_suffix (3.1.1)
    rack (2.0.7)
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
@ -167,7 +167,7 @@ GEM
      ffi (~> 1.0)
    rb-readline (0.5.5)
    regexp_parser (1.5.1)
-    rotp (5.0.0)
+    rotp (5.1.0)
      addressable (~> 2.5)
    rqrcode (0.10.1)
      chunky_png (~> 1.0)
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@ -84,7 +84,7 @@ class SettingsController < ApplicationController
    end

    if !session[:totp_secret]
-      session[:totp_secret] = ROTP::Base32.random_base32
+      session[:totp_secret] = ROTP::Base32.random
    end

    totp = ROTP::TOTP.new(session[:totp_secret], :issuer => Rails.application.name)
--- a/spec/controllers/settings_controller_spec.rb
+++ b/spec/controllers/settings_controller_spec.rb
@ -0,0 +1,23 @@
+require 'rails_helper'
+
+describe SettingsController do
+  let(:user) { create(:user) }
+
+  before { stub_login_as user }
+
+  describe 'GET /settings/2fa' do
+    it 'returns successfully' do
+      get :twofa
+      expect(response).to be_successful
+    end
+  end
+
+  describe 'GET /settings/2fa_enroll' do
+    it 'returns successfully' do
+      get :twofa_enroll, session: { last_authed: Time.current }
+      expect(response).to be_successful
+      expect(session[:totp_secret]).not_to be_nil
+      expect(session[:totp_secret]).to have_attributes(length: 32)
+    end
+  end
+end
--- a/spec/features/homepage_spec.rb
+++ b/spec/features/homepage_spec.rb
@ -1,6 +1,6 @@
 require 'rails_helper'

-RSpec.feature "Reading Homepage", type: feature do
+RSpec.feature "Reading Homepage", type: :feature do
  let!(:story) { create(:story) }

  feature "when logged out" do
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@ -57,7 +57,8 @@ RSpec.configure do |config|
  config.infer_spec_type_from_file_location!
  config.raise_errors_for_deprecations!

-  config.include AuthenticationHelper
+  config.include AuthenticationHelper::ControllerHelper, type: :controller
+  config.include AuthenticationHelper::FeatureHelper, type: :feature

  config.filter_rails_from_backtrace!
  config.filter_gems_from_backtrace \
--- a/spec/support/authentication_helper.rb
+++ b/spec/support/authentication_helper.rb
@ -1,7 +1,19 @@
 module AuthenticationHelper
-  def stub_login_as user
-    random_token = "abcdefg".split('').shuffle.join
-    user.update_column(:session_token, random_token)
-    allow_any_instance_of(ApplicationController).to receive(:session).and_return(u: random_token)
+  module ControllerHelper
+    def stub_login_as user
+      random_token = "abcdefg".split('').shuffle.join
+      user.update_column(:session_token, random_token)
+      session[:u] = random_token
+    end
+  end
+
+  module FeatureHelper
+    def stub_login_as user
+      # feature specs don't have access to the session store
+      visit '/login'
+      fill_in 'E-mail or Username:', with: user.email
+      fill_in 'Password:', with: user.password
+      click_button 'Login'
+    end
  end
 end