From 6e597f39e89fd461298524bbd67a05d14f992468 Mon Sep 17 00:00:00 2001
From: Artur Beljajev
Date: Tue, 10 Oct 2017 06:02:22 +0300
Subject: [PATCH] Improve registrar area sign-in/out specs #599
---
.../features/registrar/ip_restriction_spec.rb | 12 +++
spec/features/registrar/sessions/new_spec.rb | 42 ---------
.../{login => sign_in}/mobile_id_spec.rb | 0
.../registrar/sign_in/password_spec.rb | 43 +++++++++
.../authorization/restricted_ip_spec.rb | 2 +-
.../requests/registrar/ip_restriction_spec.rb | 90 +++++++++++++++++++
spec/requests/registrar/sessions_spec.rb | 67 --------------
.../registrar/sign_in/password_spec.rb | 20 +++++
spec/requests/registrar/sign_out_spec.rb | 26 +++---
9 files changed, 178 insertions(+), 124 deletions(-)
create mode 100644 spec/features/registrar/ip_restriction_spec.rb
delete mode 100644 spec/features/registrar/sessions/new_spec.rb
rename spec/features/registrar/{login => sign_in}/mobile_id_spec.rb (100%)
create mode 100644 spec/features/registrar/sign_in/password_spec.rb
create mode 100644 spec/requests/registrar/ip_restriction_spec.rb
delete mode 100644 spec/requests/registrar/sessions_spec.rb
create mode 100644 spec/requests/registrar/sign_in/password_spec.rb
diff --git a/spec/features/registrar/ip_restriction_spec.rb b/spec/features/registrar/ip_restriction_spec.rb
new file mode 100644
index 000000000..dc9631057
--- /dev/null
+++ b/spec/features/registrar/ip_restriction_spec.rb
@@ -0,0 +1,12 @@
+require 'rails_helper'
+
+RSpec.feature 'Registrar area IP restriction', settings: false do
+ background do
+ Setting.registrar_ip_whitelist_enabled = true
+ end
+
+ scenario 'notifies the user if his IP is not allowed' do
+ visit registrar_root_path
+ expect(page).to have_text('Access denied from IP 127.0.0.1')
+ end
+end
diff --git a/spec/features/registrar/sessions/new_spec.rb b/spec/features/registrar/sessions/new_spec.rb
deleted file mode 100644
index feec6cae1..000000000
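Review bot: In spec/features/registrar/ip_restriction_spec.rb the scenario asserts the literal 'Access denied from IP 127.0.0.1', whereas the spec this commit removes looked the message up by its key, so a copy edit in the locale file will now fail the test without any change in behaviour. I would keep the lookup, `expect(page).to have_text(t('registrar.authorization.ip_not_allowed', ip: '127.0.0.1'))`. The scenario also passes only while no WhiteIp row for 127.0.0.1 exists and the test client's address is 127.0.0.1; a one-line comment above the scenario saying so would help the next reader.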
--- a/spec/features/registrar/sessions/new_spec.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require 'rails_helper'
-
-RSpec.feature 'Registrar area ip restriction', settings: false do
- context 'when enabled' do
- background do
- Setting.registrar_ip_whitelist_enabled = true
- end
-
- context 'when ip is allowed' do
- given!(:white_ip) { create(:white_ip,
- ipv4: '127.0.0.1',
- interfaces: [WhiteIp::REGISTRAR]) }
-
- it 'does not show error message' do
- visit registrar_login_path
- expect(page).to_not have_text(error_message)
- end
- end
-
- context 'when ip is not allowed' do
- it 'shows error message' do
- visit registrar_login_path
- expect(page).to have_text(error_message)
- end
- end
- end
-
- context 'when disabled' do
- background do
- Setting.registrar_ip_whitelist_enabled = false
- end
-
- it 'does not show error message' do
- visit registrar_login_path
- expect(page).to_not have_text(error_message)
- end
- end
-
- def error_message
- t('registrar.authorization.ip_not_allowed', ip: '127.0.0.1')
- end
-end
diff --git a/spec/features/registrar/login/mobile_id_spec.rb b/spec/features/registrar/sign_in/mobile_id_spec.rb
similarity index 100%
rename from spec/features/registrar/login/mobile_id_spec.rb
rename to spec/features/registrar/sign_in/mobile_id_spec.rb
diff --git a/spec/features/registrar/sign_in/password_spec.rb b/spec/features/registrar/sign_in/password_spec.rb
new file mode 100644
index 000000000..f0cc3ed49
--- /dev/null
+++ b/spec/features/registrar/sign_in/password_spec.rb
@@ -0,0 +1,43 @@
+require 'rails_helper'
+
+RSpec.feature 'Registrar area password sign-in' do
+ background do
+ Setting.registrar_ip_whitelist_enabled = false
+ end
+
+ scenario 'signs in the user with valid credentials' do
+ create(:api_user_with_unlimited_balance,
+ active: true,
+ login: 'test',
+ password: 'testtest')
+
+ visit registrar_login_path
+ sign_in_with 'test', 'testtest'
+
+ expect(page).to have_text(t('registrar.base.current_user.sign_out'))
+ end
+
+ scenario 'notifies the user with invalid credentials' do
+ create(:api_user, login: 'test', password: 'testtest')
+
+ visit registrar_login_path
+ sign_in_with 'test', 'invalid'
+
+ expect(page).to have_text('No such user')
+ end
+
+ scenario 'notifies the user with inactive account' do
+ create(:api_user, active: false, login: 'test', password: 'testtest')
+
+ visit registrar_login_path
+ sign_in_with 'test', 'testtest'
+
+ expect(page).to have_text('User is not active')
+ end
+
+ def sign_in_with(username, password)
+ fill_in 'depp_user_tag', with: username
+ fill_in 'depp_user_password', with: password
+ click_button 'Login'
+ end
+end
diff --git a/spec/models/authorization/restricted_ip_spec.rb b/spec/models/authorization/restricted_ip_spec.rb
index 6fba76657..e64a1739f 100644
--- a/spec/models/authorization/restricted_ip_spec.rb
+++ b/spec/models/authorization/restricted_ip_spec.rb
@@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe Authorization::RestrictedIP do - describe '#enabled?', db: true, settings: false do + describe '::enabled?', db: true, settings: false do context 'when "registrar_ip_whitelist_enabled" is true' do before do Setting.registrar_ip_whitelist_enabled = true
diff --git a/spec/requests/registrar/ip_restriction_spec.rb b/spec/requests/registrar/ip_restriction_spec.rb
new file mode 100644
index 000000000..5fd07402e
--- /dev/null
+++ b/spec/requests/registrar/ip_restriction_spec.rb
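Review bot: In spec/features/registrar/sign_in/password_spec.rb the 'notifies the user with invalid credentials' scenario creates `:api_user` without `active:`, so whether it exercises a wrong password against an active account depends on the factory default, which is not visible in this patch. Pass it explicitly, `create(:api_user, active: true, login: 'test', password: 'testtest')`, as the other two scenarios do. No scenario pins what an inactive account shows when the password is wrong, and that is the case which decides whether 'User is not active' can be obtained without knowing the password; a fourth scenario using `active: false` with `sign_in_with 'test', 'invalid'` would close that gap.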
@@ -0,0 +1,90 @@
+require 'rails_helper'
+
+RSpec.describe 'Registrar area IP restriction', settings: false do
+ describe 'authenticated area' do
+ before do
+ sign_in_to_registrar_area
+ end
+
+ context 'when IP restriction is enabled' do
+ before do
+ Setting.registrar_ip_whitelist_enabled = true
+ end
+
+ context 'when ip is allowed' do
+ let!(:white_ip) { create(:white_ip,
+ ipv4: '127.0.0.1',
+ registrar: controller.current_user.registrar,
+ interfaces: [WhiteIp::REGISTRAR]) }
+
+ specify do
+ get registrar_root_url
+ follow_redirect!
+ expect(response).to be_success
+ end
+ end
+
+ context 'when ip is not allowed' do
+ it 'signs the user out' do
+ get registrar_root_url
+ follow_redirect!
+ expect(controller.current_user).to be_nil
+ end
+
+ it 'redirects to login url' do
+ get registrar_root_url
+ expect(response).to redirect_to(registrar_login_url)
+ end
+ end
+ end
+
+ context 'when IP restriction is disabled' do
+ before do
+ Setting.registrar_ip_whitelist_enabled = false
+ end
+
+ specify do
+ get registrar_root_url
+ follow_redirect!
+ expect(response).to be_success
+ end
+ end
+ end
+
+ describe 'unauthenticated area' do
+ context 'when IP restriction is enabled' do
+ before do
+ Setting.registrar_ip_whitelist_enabled = true
+ end
+
+ context 'when ip is allowed' do
+ let!(:white_ip) { create(:white_ip,
+ ipv4: '127.0.0.1',
+ interfaces: [WhiteIp::REGISTRAR]) }
+
+ specify do
+ get registrar_login_path
+ expect(response).to be_success
+ end
+ end
+
+ context 'when ip is not allowed' do
+ specify do
+ get registrar_login_path
+ expect(response).to be_forbidden
+ end
+ end
+ end
+
+ context 'when IP restriction is disabled' do
+ before do
+ Setting.registrar_ip_whitelist_enabled = false
+ end
+
+ specify do
+ get registrar_login_path
+ expect(response).to be_success
+ end
+ end
+ end
+end
diff --git a/spec/requests/registrar/sessions_spec.rb b/spec/requests/registrar/sessions_spec.rb
deleted file mode 100644
index 674cd8f0c..000000000
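Review bot: The 'unauthenticated area' group in spec/requests/registrar/ip_restriction_spec.rb only issues `get registrar_login_path`, while the removed sessions_spec.rb also checked that `POST /registrar/sessions` is refused for a disallowed IP; after this commit nothing fails if the sign-in form is blocked but credential submission is not. Add an example under 'when ip is not allowed' that does `post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }` and expects `be_forbidden`. The 'not allowed' cases also cover only an empty whitelist; an address whitelisted for a different registrar or a different interface is presumably meant to be refused as well and is not exercised here.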
--- a/spec/requests/registrar/sessions_spec.rb
+++ /dev/null
@@ -1,67 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe 'Registrar session management', db: false do
- describe 'GET /registrar/login' do
- context 'when ip is allowed' do
- let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
- can_access_registrar_area_sign_in_page?: true) }
-
- before do
- allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
- end
-
- specify do
- get registrar_login_path
- expect(response).to be_success
- end
- end
-
- context 'when ip is not allowed' do
- let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
- can_access_registrar_area_sign_in_page?: false) }
-
- before do
- allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
- end
-
- specify do
- get registrar_login_path
- expect(response).to be_forbidden
- end
- end
- end
-
- describe 'POST /registrar/sessions' do
- context 'when ip is allowed' do
- let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
- can_access_registrar_area_sign_in_page?: true) }
-
- before do
- allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
- end
-
- specify do
- make_request
- expect(response).to be_success
- end
- end
-
- context 'when ip is not allowed' do
- let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
- can_access_registrar_area_sign_in_page?: false) }
-
- before do
- allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
- end
-
- specify do
- make_request
- expect(response).to be_forbidden
- end
- end
-
- def make_request
- post registrar_sessions_path, depp_user: { tag: 'test', password: 'test' }
- end
- end
-end
diff --git a/spec/requests/registrar/sign_in/password_spec.rb b/spec/requests/registrar/sign_in/password_spec.rb
new file mode 100644
index 000000000..f419ffa01
--- /dev/null
+++ b/spec/requests/registrar/sign_in/password_spec.rb
@@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.describe 'Registrar area password sign-in', settings: false do
+ let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') }
+
+ before do
+ Setting.registrar_ip_whitelist_enabled = false
+ end
+
+ it 'signs the user in' do
+ post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
+ follow_redirect!
+ expect(controller.current_user).to eq(user)
+ end
+
+ it 'redirects to root url' do
+ post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
+ expect(response).to redirect_to(registrar_root_url)
+ end
+end
diff --git a/spec/requests/registrar/sign_out_spec.rb b/spec/requests/registrar/sign_out_spec.rb
index bdbd1a778..086b95f64 100644
--- a/spec/requests/registrar/sign_out_spec.rb
+++ b/spec/requests/registrar/sign_out_spec.rb
@@ -1,21 +1,19 @@ require 'rails_helper' RSpec.describe 'Registrar area sign-out', settings: false do - describe 'sign-out' do - before do - Setting.registrar_ip_whitelist_enabled = false - sign_in_to_registrar_area - end + before do + Setting.registrar_ip_whitelist_enabled = false + sign_in_to_registrar_area + end - it 'signs the user out' do - delete registrar_destroy_user_session_path - follow_redirect! - expect(controller.current_user).to be_nil - end + it 'signs the user out' do + delete registrar_destroy_user_session_path + follow_redirect! + expect(controller.current_user).to be_nil + end - it 'redirects to login url' do - delete registrar_destroy_user_session_path - expect(response).to redirect_to(registrar_login_url) - end + it 'redirects to login url' do + delete registrar_destroy_user_session_path + expect(response).to redirect_to(registrar_login_url) end end
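Review bot: spec/requests/registrar/sign_in/password_spec.rb exercises only the successful path, so nothing at request level asserts that a rejected sign-in leaves no session behind; the feature spec for the same flow checks the message text only. Consider an example that posts `depp_user: { tag: 'test', password: 'invalid' }` and expects `controller.current_user` to be nil. The two existing examples also repeat the same `post` line, which could move into a small helper the way the removed sessions_spec.rb did with `make_request`.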