diff --git a/spec/controllers/admin/users/two_factor_authentications_controller_spec.rb b/spec/controllers/admin/users/two_factor_authentications_controller_spec.rb deleted file mode 100644 index 39af2ca914..0000000000 --- a/spec/controllers/admin/users/two_factor_authentications_controller_spec.rb +++ /dev/null @@ -1,54 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' -require 'webauthn/fake_client' - -RSpec.describe Admin::Users::TwoFactorAuthenticationsController do - render_views - - let(:user) { Fabricate(:user) } - - before do - sign_in Fabricate(:admin_user), scope: :user - end - - describe 'DELETE #destroy' do - context 'when user has OTP enabled' do - before do - user.update(otp_required_for_login: true) - end - - it 'redirects to admin account page' do - delete :destroy, params: { user_id: user.id } - - user.reload - expect(user.otp_enabled?).to be false - expect(response).to redirect_to(admin_account_path(user.account_id)) - end - end - - context 'when user has OTP and WebAuthn enabled' do - let(:fake_client) { WebAuthn::FakeClient.new('http://test.host') } - - before do - user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) - - public_key_credential = WebAuthn::Credential.from_create(fake_client.create) - Fabricate(:webauthn_credential, - user_id: user.id, - external_id: public_key_credential.id, - public_key: public_key_credential.public_key, - nickname: 'Security Key') - end - - it 'redirects to admin account page' do - delete :destroy, params: { user_id: user.id } - - user.reload - expect(user.otp_enabled?).to be false - expect(user.webauthn_enabled?).to be false - expect(response).to redirect_to(admin_account_path(user.account_id)) - end - end - end -end diff --git a/spec/system/admin/users/two_factor_authentications_spec.rb b/spec/system/admin/users/two_factor_authentications_spec.rb new file mode 100644 index 0000000000..e09bc437b4 --- /dev/null +++ b/spec/system/admin/users/two_factor_authentications_spec.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +require 'rails_helper' +require 'webauthn/fake_client' + +RSpec.describe 'Admin Users TwoFactorAuthentications' do + let(:user) { Fabricate(:user) } + + before { sign_in Fabricate(:admin_user) } + + describe 'Disabling 2FA for users' do + before { stub_webauthn_credential } + + let(:fake_client) { WebAuthn::FakeClient.new('http://test.host') } + + context 'when user has OTP enabled' do + before { user.update(otp_required_for_login: true) } + + it 'disables OTP and redirects to admin account page' do + visit admin_account_path(user.account.id) + + expect { disable_two_factor } + .to change { user.reload.otp_enabled? }.to(false) + expect(page) + .to have_title(user.account.pretty_acct) + end + end + + context 'when user has OTP and WebAuthn enabled' do + before { user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) } + + it 'disables OTP and webauthn and redirects to admin account page' do + visit admin_account_path(user.account.id) + + expect { disable_two_factor } + .to change { user.reload.otp_enabled? }.to(false) + .and(change { user.reload.webauthn_enabled? }.to(false)) + expect(page) + .to have_title(user.account.pretty_acct) + end + end + + def disable_two_factor + click_on I18n.t('admin.accounts.disable_two_factor_authentication') + end + + def stub_webauthn_credential + public_key_credential = WebAuthn::Credential.from_create(fake_client.create) + Fabricate( + :webauthn_credential, + external_id: public_key_credential.id, + nickname: 'Security Key', + public_key: public_key_credential.public_key, + user_id: user.id + ) + end + end +end