93 lines
2.9 KiB
Ruby
93 lines
2.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe SecondFactor::Actions::GrantAdmin do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
fab!(:user) { Fabricate(:user) }
|
|
|
|
def cleanup_admin_confirmation_redis_keys
|
|
keys = Discourse.redis.keys("admin-confirmation:*")
|
|
keys += Discourse.redis.keys("admin-confirmation-token:*")
|
|
Discourse.redis.del(keys)
|
|
end
|
|
|
|
after do
|
|
cleanup_admin_confirmation_redis_keys
|
|
end
|
|
|
|
def params(hash)
|
|
ActionController::Parameters.new(hash)
|
|
end
|
|
|
|
def create_request(request_method: "GET", path: "/")
|
|
ActionDispatch::TestRequest.create({
|
|
"REQUEST_METHOD" => request_method,
|
|
"PATH_INFO" => path
|
|
})
|
|
end
|
|
|
|
def create_instance(user, request = nil)
|
|
request ||= create_request
|
|
SecondFactor::Actions::GrantAdmin.new(Guardian.new(user), request)
|
|
end
|
|
|
|
describe "#no_second_factors_enabled!" do
|
|
it "sends new admin confirmation email" do
|
|
instance = create_instance(admin)
|
|
expect {
|
|
instance.no_second_factors_enabled!(params({ user_id: user.id }))
|
|
}.to change { AdminConfirmation.exists_for?(user.id) }.from(false).to(true)
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.no_second_factors_enabled!(params({ user_id: user.id }))
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
expect(AdminConfirmation.exists_for?(user.id)).to eq(false)
|
|
end
|
|
end
|
|
|
|
describe "#second_factor_auth_required!" do
|
|
it "returns a hash with callback_params, redirect_url and a description" do
|
|
instance = create_instance(admin)
|
|
hash = instance.second_factor_auth_required!(params({ user_id: user.id }))
|
|
expect(hash[:callback_params]).to eq({ user_id: user.id })
|
|
expect(hash[:redirect_url]).to eq("/admin/users/#{user.id}/#{user.username}")
|
|
expect(hash[:description]).to eq(
|
|
I18n.t(
|
|
"second_factor_auth.actions.grant_admin.description",
|
|
username: "@#{user.username}"
|
|
)
|
|
)
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.second_factor_auth_required!(params({ user_id: user.id }))
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
end
|
|
end
|
|
|
|
describe "#second_factor_auth_completed!" do
|
|
it "grants the target user admin access and logs to staff action logs" do
|
|
instance = create_instance(admin)
|
|
expect {
|
|
instance.second_factor_auth_completed!(user_id: user.id)
|
|
}.to change { user.reload.admin }.from(false).to(true)
|
|
expect(UserHistory.exists?(
|
|
acting_user_id: admin.id,
|
|
target_user_id: user.id,
|
|
action: UserHistory.actions[:grant_admin]
|
|
)).to eq(true)
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.second_factor_auth_completed!(user_id: user.id)
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
end
|
|
end
|
|
end
|