Add a missing spec to SessionsController#webauthn_options (#29277)

2024-02-26 17:09:40 +01:00 · 2024-02-26 17:09:40 +01:00 · d51c3ac087
commit d51c3ac087
parent c7555271a6
1 changed files with 16 additions and 5 deletions
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@ -414,15 +414,17 @@ RSpec.describe Auth::SessionsController do
  end

  describe 'GET #webauthn_options' do
+    subject { get :webauthn_options, session: { attempt_user_id: user.id } }
+
+    let!(:user) do
+      Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
+    end
+
    context 'with WebAuthn and OTP enabled as second factor' do
      let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http'}://#{Rails.configuration.x.web_domain}" }

      let(:fake_client) { WebAuthn::FakeClient.new(domain) }

-      let!(:user) do
-        Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
-      end
-
      before do
        user.update(webauthn_id: WebAuthn.generate_user_id)
        public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
@ -436,9 +438,18 @@ RSpec.describe Auth::SessionsController do
      end

      it 'returns http success' do
-        get :webauthn_options
+        subject
+
        expect(response).to have_http_status 200
      end
    end
+
+    context 'when WebAuthn not enabled' do
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status 401
+      end
+    end
  end
 end