admin_password_auth_spec.rb 2.8 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Admin password auth', type: :system do
  4. before do
  5. Setting.set('user_show_password_login', false)
  6. Setting.set('auth_saml', true)
  7. end
  8. context 'when logged in already' do
  9. before do
  10. visit 'admin_password_auth'
  11. end
  12. it 'logged in user cannot open admin password auth' do
  13. expect(page).to have_no_text 'password'
  14. end
  15. end
  16. context 'when not logged in', authenticated_as: false do
  17. def request_admin_password_auth
  18. visit 'admin_password_auth'
  19. fill_in 'username', with: username
  20. click '.btn--primary'
  21. end
  22. before do
  23. freeze_time
  24. request_admin_password_auth
  25. end
  26. context 'with non-existant user' do
  27. let(:username) { 'nonexisting' }
  28. it 'pretends to proceed' do
  29. expect(page).to have_text 'Admin password login instructions were sent'
  30. end
  31. end
  32. context 'with existing admin' do
  33. let(:user) { create(:admin) }
  34. let(:username) { user.email }
  35. let(:generated_tokens) { Token.where(action: 'AdminAuth', user_id: user.id) }
  36. it 'login is possible' do
  37. expect(page).to have_text 'Admin password login instructions were sent'
  38. expect(generated_tokens.count).to eq 1
  39. expect(generated_tokens.first.persistent).to be false
  40. visit "/#login/admin/#{generated_tokens.first.token}"
  41. expect(page).to have_css '#username'
  42. end
  43. context 'with enabled two factor authentication' do
  44. let(:password) { 'some_test_password' }
  45. let(:user) { create(:admin, password: password) }
  46. let(:token) { two_factor_pref.configuration[:code] }
  47. let!(:two_factor_pref) { create(:user_two_factor_preference, :authenticator_app, user: user) }
  48. before do
  49. Setting.set('two_factor_authentication_method_authenticator_app', true)
  50. end
  51. it 'logs in the admin user (#5283)' do
  52. expect(page).to have_text 'Admin password login instructions were sent'
  53. expect(generated_tokens.count).to eq 1
  54. expect(generated_tokens.first.persistent).to be false
  55. visit "/#login/admin/#{generated_tokens.first.token}"
  56. within('#login') do
  57. fill_in 'username', with: username
  58. fill_in 'password', with: password
  59. click_on('Sign in')
  60. fill_in 'security_code', with: token
  61. click_on('Sign in')
  62. end
  63. expect(page).to have_no_selector('#login')
  64. end
  65. end
  66. end
  67. end
  68. context 'with invalid token', authenticated_as: false do
  69. it 'login is not possible' do
  70. visit '/#login/admin/invalid-token'
  71. expect(page).to have_text 'The token for the admin password login is invalid.'
  72. end
  73. end
  74. end