two_factor_default_authentication_method_spec.rb 2.1 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe TwoFactorDefaultAuthenticationMethod, db_strategy: :reset, type: :db_migration do
  4. let(:user_without_two_factor) { create(:user) }
  5. let(:user_with_two_factor) do
  6. user = create(:user)
  7. create(:user_two_factor_preference, :authenticator_app, user: user)
  8. user.reload
  9. user.preferences[:two_factor_authentication] ||= {}
  10. user.preferences[:two_factor_authentication].delete :default
  11. user.save!
  12. user
  13. end
  14. let(:user_with_two_factor_and_default_method) do
  15. user = create(:user)
  16. create(:user_two_factor_preference, :authenticator_app, user: user)
  17. security_key_pref = create(:user_two_factor_preference, :security_keys, user: user)
  18. Service::User::TwoFactor::SetDefaultMethod
  19. .new(user: user.reload, method_name: security_key_pref.method, force: true)
  20. .execute
  21. user
  22. end
  23. before do
  24. Setting.set('two_factor_authentication_method_security_keys', true)
  25. Setting.set('two_factor_authentication_method_authenticator_app', true)
  26. end
  27. context 'when there are no users with two-factor authentication' do
  28. it 'does not change anything' do
  29. user_without_two_factor
  30. expect { migrate }.not_to change { user_without_two_factor.reload.preferences.dig(:two_factor_authentication, :default) }
  31. end
  32. end
  33. context 'when there are users with two-factor authentication' do
  34. it 'sets the default authentication method to the first one' do
  35. user_with_two_factor
  36. expect { migrate }.to change { user_with_two_factor.reload.preferences.dig(:two_factor_authentication, :default) }.from(nil).to('authenticator_app')
  37. end
  38. end
  39. context 'when there are users with two-factor authentication and a default method' do
  40. it 'does not change the already stored default two-factor authentication method' do
  41. user_with_two_factor_and_default_method
  42. expect { migrate }.not_to change { user_with_two_factor_and_default_method.reload.preferences.dig(:two_factor_authentication, :default) }
  43. end
  44. end
  45. end