after_auth_spec.rb 1.2 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Request spec for GET /api/v1/users/after_auth.
  #
  # It checks which follow-up step the API reports for a customer right after a
  # password sign-in: nothing when this spec applies no two-factor settings, and
  # a 'TwoFactorConfiguration' step when the customer's role is listed in the
  # enforcement setting and the authenticator-app method is switched on.
  #
  # `authenticated_as: :customer` is spec metadata; presumably a project helper
  # acts on it -- verify against the helper, it is not visible here.
  #
  # NOTE(review): the HTTP status of neither request is asserted. Consider
  # checking the sign-in response as well, so the "returns nil" example cannot
  # pass for a reason unrelated to two-factor enforcement -- confirm the status
  # the endpoint is expected to return before adding it.
  RSpec.describe 'User after auth endpoint', authenticated_as: :customer, type: :request do
    # Fresh random credentials for every example; nothing is hard-coded.
    let(:password)    { SecureRandom.urlsafe_base64(20) }
    let(:fingerprint) { SecureRandom.urlsafe_base64(40) }

    # The customer holds a dedicated role named '2FA'. The role by itself does
    # not switch anything on; enforcement comes from the settings further down.
    let(:role)     { create(:role, name: '2FA') }
    let(:customer) { create(:customer, roles: [role], password: password) }

    before do
      # Only contexts that declare `let(:setting)` have it; evaluating it here
      # applies those settings before the sign-in request is sent.
      setting if defined?(setting)

      # Do a "real" login to get a valid session.
      post '/api/v1/signin',
           params: {
             fingerprint: fingerprint,
             username:    customer.login,
             password:    password
           },
           as:     :json

      get '/api/v1/users/after_auth', as: :json
    end

    # No `setting` is declared here, so this spec changes no two-factor settings.
    # Assumes the defaults do not enforce two-factor for the role -- the spec
    # does not set them explicitly.
    context 'when no after auth module should be present' do
      it 'returns nil' do
        expect(json_response).to be_nil
      end
    end

    # The customer's role id is put into the enforcement list and the
    # authenticator-app method is enabled before signing in.
    context 'when a after auth module should be present' do
      let(:setting) do
        Setting.set('two_factor_authentication_enforce_role_ids', [role.id])
        Setting.set('two_factor_authentication_method_authenticator_app', true)
      end

      it 'returns the after auth information' do
        expected_payload = { 'data' => {}, 'type' => 'TwoFactorConfiguration' }

        expect(json_response).to eq(expected_payload)
      end
    end
  end