zammad/spec/requests/user/after_auth_spec.rb

# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe 'User after auth endpoint', authenticated_as: :customer, type: :request do
  before do
    setting if defined?(setting)

    # Do a "real" login to get a valid session.
    params = {
      fingerprint: fingerprint,
      username:    customer.login,
      password:    password
    }

    post '/api/v1/signin', params: params, as: :json

    get '/api/v1/users/after_auth', as: :json
  end

  let(:password)    { SecureRandom.urlsafe_base64(20) }
  let(:fingerprint) { SecureRandom.urlsafe_base64(40) }
  let(:customer)    { create(:customer, roles: [role], password: password) }
  let(:role)        { create(:role, name: '2FA') }

  context 'when no after auth module should be present' do
    it 'returns nil' do
      expect(json_response).to be_nil
    end
  end

  context 'when a after auth module should be present' do
    let(:setting) do
      Setting.set('two_factor_authentication_enforce_role_ids', [role.id])
      Setting.set('two_factor_authentication_method_authenticator_app', true)
    end

    it 'returns the after auth information' do
      expect(json_response).to eq({ 'data' => {}, 'type' => 'TwoFactorConfiguration' })
    end
  end
end