79 lines
2.5 KiB
Ruby
79 lines
2.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe SecondFactor::Actions::GrantAdmin do
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
fab!(:user) { Fabricate(:user) }
|
|
|
|
def cleanup_admin_confirmation_redis_keys
|
|
keys = Discourse.redis.keys("admin-confirmation:*")
|
|
keys += Discourse.redis.keys("admin-confirmation-token:*")
|
|
Discourse.redis.del(keys)
|
|
end
|
|
|
|
after do
|
|
cleanup_admin_confirmation_redis_keys
|
|
end
|
|
|
|
def params(hash)
|
|
ActionController::Parameters.new(hash)
|
|
end
|
|
|
|
def create_instance(user)
|
|
SecondFactor::Actions::GrantAdmin.new(Guardian.new(user))
|
|
end
|
|
|
|
describe "#no_second_factors_enabled!" do
|
|
it "sends new admin confirmation email" do
|
|
instance = create_instance(admin)
|
|
expect {
|
|
instance.no_second_factors_enabled!(params({ user_id: user.id }))
|
|
}.to change { AdminConfirmation.exists_for?(user.id) }.from(false).to(true)
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.no_second_factors_enabled!(params({ user_id: user.id }))
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
expect(AdminConfirmation.exists_for?(user.id)).to eq(false)
|
|
end
|
|
end
|
|
|
|
describe "#second_factor_auth_required!" do
|
|
it "returns a hash with callback_params and redirect_path" do
|
|
instance = create_instance(admin)
|
|
hash = instance.second_factor_auth_required!(params({ user_id: user.id }))
|
|
expect(hash[:callback_params]).to eq({ user_id: user.id })
|
|
expect(hash[:redirect_path]).to eq("/admin/users/#{user.id}/#{user.username}")
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.second_factor_auth_required!(params({ user_id: user.id }))
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
end
|
|
end
|
|
|
|
describe "#second_factor_auth_completed!" do
|
|
it "grants the target user admin access and logs to staff action logs" do
|
|
instance = create_instance(admin)
|
|
expect {
|
|
instance.second_factor_auth_completed!(user_id: user.id)
|
|
}.to change { user.reload.admin }.from(false).to(true)
|
|
expect(UserHistory.exists?(
|
|
acting_user_id: admin.id,
|
|
target_user_id: user.id,
|
|
action: UserHistory.actions[:grant_admin]
|
|
)).to eq(true)
|
|
end
|
|
|
|
it "ensures the acting user is admin" do
|
|
instance = create_instance(user)
|
|
expect {
|
|
instance.second_factor_auth_completed!(user_id: user.id)
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
end
|
|
end
|
|
end
|