discourse/spec/lib/second_factor/actions/grant_admin_spec.rb

87 lines
2.9 KiB
Ruby

# frozen_string_literal: true
RSpec.describe SecondFactor::Actions::GrantAdmin do
fab!(:admin)
fab!(:user)
def cleanup_admin_confirmation_redis_keys
keys = Discourse.redis.keys("admin-confirmation:*")
keys += Discourse.redis.keys("admin-confirmation-token:*")
Discourse.redis.del(keys)
end
after { cleanup_admin_confirmation_redis_keys }
def params(hash)
ActionController::Parameters.new(hash)
end
def create_request(request_method: "GET", path: "/")
ActionDispatch::TestRequest.create({ "REQUEST_METHOD" => request_method, "PATH_INFO" => path })
end
def create_instance(user, request = nil)
request ||= create_request
SecondFactor::Actions::GrantAdmin.new(Guardian.new(user), request, target_user: user)
end
describe "#no_second_factors_enabled!" do
it "sends new admin confirmation email" do
instance = create_instance(admin)
expect { instance.no_second_factors_enabled!(params({ user_id: user.id })) }.to change {
AdminConfirmation.exists_for?(user.id)
}.from(false).to(true)
end
it "ensures the acting user is admin" do
instance = create_instance(user)
expect { instance.no_second_factors_enabled!(params({ user_id: user.id })) }.to raise_error(
Discourse::InvalidAccess,
)
expect(AdminConfirmation.exists_for?(user.id)).to eq(false)
end
end
describe "#second_factor_auth_required!" do
it "returns a hash with callback_params, redirect_url and a description" do
instance = create_instance(admin)
hash = instance.second_factor_auth_required!(params({ user_id: user.id }))
expect(hash[:callback_params]).to eq({ user_id: user.id })
expect(hash[:redirect_url]).to eq("/admin/users/#{user.id}/#{user.username}")
expect(hash[:description]).to eq(
I18n.t("second_factor_auth.actions.grant_admin.description", username: "@#{user.username}"),
)
end
it "ensures the acting user is admin" do
instance = create_instance(user)
expect { instance.second_factor_auth_required!(params({ user_id: user.id })) }.to raise_error(
Discourse::InvalidAccess,
)
end
end
describe "#second_factor_auth_completed!" do
it "grants the target user admin access and logs to staff action logs" do
instance = create_instance(admin)
expect { instance.second_factor_auth_completed!(user_id: user.id) }.to change {
user.reload.admin
}.from(false).to(true)
expect(
UserHistory.exists?(
acting_user_id: admin.id,
target_user_id: user.id,
action: UserHistory.actions[:grant_admin],
),
).to eq(true)
end
it "ensures the acting user is admin" do
instance = create_instance(user)
expect { instance.second_factor_auth_completed!(user_id: user.id) }.to raise_error(
Discourse::InvalidAccess,
)
end
end
end