quo_vadis 1.4.0 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (191) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +11 -7
  3. data/CHANGELOG.md +22 -0
  4. data/Gemfile +11 -1
  5. data/LICENSE.txt +21 -0
  6. data/README.md +453 -127
  7. data/Rakefile +15 -9
  8. data/app/controllers/quo_vadis/confirmations_controller.rb +102 -0
  9. data/app/controllers/quo_vadis/logs_controller.rb +20 -0
  10. data/app/controllers/quo_vadis/password_resets_controller.rb +65 -0
  11. data/app/controllers/quo_vadis/passwords_controller.rb +26 -0
  12. data/app/controllers/quo_vadis/recovery_codes_controller.rb +54 -0
  13. data/app/controllers/quo_vadis/sessions_controller.rb +50 -132
  14. data/app/controllers/quo_vadis/totps_controller.rb +72 -0
  15. data/app/controllers/quo_vadis/twofas_controller.rb +26 -0
  16. data/app/mailers/quo_vadis/mailer.rb +73 -0
  17. data/app/models/quo_vadis/account.rb +59 -0
  18. data/app/models/quo_vadis/account_confirmation_token.rb +17 -0
  19. data/app/models/quo_vadis/log.rb +57 -0
  20. data/app/models/quo_vadis/password.rb +52 -0
  21. data/app/models/quo_vadis/password_reset_token.rb +17 -0
  22. data/app/models/quo_vadis/recovery_code.rb +26 -0
  23. data/app/models/quo_vadis/session.rb +55 -0
  24. data/app/models/quo_vadis/token.rb +42 -0
  25. data/app/models/quo_vadis/totp.rb +56 -0
  26. data/bin/console +15 -0
  27. data/bin/rails +21 -0
  28. data/bin/setup +8 -0
  29. data/config/locales/quo_vadis.en.yml +50 -23
  30. data/config/routes.rb +46 -12
  31. data/db/migrate/202102150904_setup.rb +48 -0
  32. data/lib/generators/quo_vadis/install_generator.rb +4 -23
  33. data/lib/quo_vadis.rb +103 -97
  34. data/lib/quo_vadis/controller.rb +228 -0
  35. data/lib/quo_vadis/crypt.rb +43 -0
  36. data/lib/quo_vadis/current_request_details.rb +11 -0
  37. data/lib/quo_vadis/defaults.rb +18 -0
  38. data/lib/quo_vadis/encrypted_type.rb +17 -0
  39. data/lib/quo_vadis/engine.rb +9 -11
  40. data/lib/quo_vadis/hmacable.rb +26 -0
  41. data/lib/quo_vadis/ip_masking.rb +31 -0
  42. data/lib/quo_vadis/model.rb +86 -0
  43. data/lib/quo_vadis/version.rb +3 -1
  44. data/quo_vadis.gemspec +20 -25
  45. data/test/dummy/README.markdown +1 -0
  46. data/test/dummy/Rakefile +2 -6
  47. data/test/dummy/app/controllers/application_controller.rb +0 -1
  48. data/test/dummy/app/controllers/articles_controller.rb +8 -11
  49. data/test/dummy/app/controllers/sign_ups_controller.rb +42 -0
  50. data/test/dummy/app/controllers/users_controller.rb +13 -5
  51. data/test/dummy/app/models/application_record.rb +3 -0
  52. data/test/dummy/app/models/article.rb +2 -1
  53. data/test/dummy/app/models/person.rb +5 -2
  54. data/test/dummy/app/models/user.rb +4 -1
  55. data/test/dummy/app/views/articles/also_secret.html.erb +1 -0
  56. data/test/dummy/app/views/articles/index.html.erb +1 -1
  57. data/test/dummy/app/views/articles/secret.html.erb +1 -0
  58. data/test/dummy/app/views/articles/very_secret.html.erb +2 -0
  59. data/test/dummy/app/views/layouts/application.html.erb +41 -25
  60. data/test/dummy/app/views/quo_vadis/confirmations/edit.html.erb +10 -0
  61. data/test/dummy/app/views/quo_vadis/confirmations/edit_email.html.erb +14 -0
  62. data/test/dummy/app/views/quo_vadis/confirmations/index.html.erb +14 -0
  63. data/test/dummy/app/views/quo_vadis/confirmations/new.html.erb +16 -0
  64. data/test/dummy/app/views/quo_vadis/logs/index.html.erb +28 -0
  65. data/test/dummy/app/views/quo_vadis/mailer/account_confirmation.text.erb +4 -0
  66. data/test/dummy/app/views/quo_vadis/mailer/email_change_notification.text.erb +8 -0
  67. data/test/dummy/app/views/quo_vadis/mailer/identifier_change_notification.text.erb +8 -0
  68. data/test/dummy/app/views/quo_vadis/mailer/password_change_notification.text.erb +8 -0
  69. data/test/dummy/app/views/quo_vadis/mailer/password_reset_notification.text.erb +8 -0
  70. data/test/dummy/app/views/quo_vadis/mailer/recovery_codes_generation_notification.text.erb +8 -0
  71. data/test/dummy/app/views/quo_vadis/mailer/reset_password.text.erb +4 -0
  72. data/test/dummy/app/views/quo_vadis/mailer/totp_reuse_notification.text.erb +6 -0
  73. data/test/dummy/app/views/quo_vadis/mailer/totp_setup_notification.text.erb +8 -0
  74. data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb +8 -0
  75. data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb +25 -0
  76. data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb +5 -0
  77. data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb +12 -0
  78. data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb +30 -0
  79. data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb +11 -0
  80. data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb +25 -0
  81. data/test/dummy/app/views/quo_vadis/sessions/index.html.erb +26 -0
  82. data/test/dummy/app/views/quo_vadis/sessions/new.html.erb +24 -0
  83. data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb +11 -0
  84. data/test/dummy/app/views/quo_vadis/totps/new.html.erb +17 -0
  85. data/test/dummy/app/views/quo_vadis/twofas/show.html.erb +20 -0
  86. data/test/dummy/app/views/sign_ups/new.html.erb +37 -0
  87. data/test/dummy/app/views/sign_ups/show.html.erb +5 -0
  88. data/test/dummy/app/views/users/new.html.erb +32 -9
  89. data/test/dummy/config.ru +6 -3
  90. data/test/dummy/config/application.rb +18 -9
  91. data/test/dummy/config/boot.rb +3 -9
  92. data/test/dummy/config/database.yml +2 -14
  93. data/test/dummy/config/environment.rb +2 -3
  94. data/test/dummy/config/initializers/quo_vadis.rb +5 -75
  95. data/test/dummy/config/routes.rb +11 -3
  96. data/test/dummy/db/migrate/202102121932_create_users.rb +10 -0
  97. data/test/dummy/db/migrate/202102121935_create_people.rb +10 -0
  98. data/test/dummy/db/schema.rb +80 -21
  99. data/test/fixtures/quo_vadis/mailer/account_confirmation.text +4 -0
  100. data/test/fixtures/quo_vadis/mailer/email_change_notification.text +8 -0
  101. data/test/fixtures/quo_vadis/mailer/identifier_change_notification.text +8 -0
  102. data/test/fixtures/quo_vadis/mailer/password_change_notification.text +8 -0
  103. data/test/fixtures/quo_vadis/mailer/password_reset_notification.text +8 -0
  104. data/test/fixtures/quo_vadis/mailer/recovery_codes_generation_notification.text +8 -0
  105. data/test/fixtures/quo_vadis/mailer/reset_password.text +4 -0
  106. data/test/fixtures/quo_vadis/mailer/totp_reuse_notification.text +6 -0
  107. data/test/fixtures/quo_vadis/mailer/totp_setup_notification.text +8 -0
  108. data/test/fixtures/quo_vadis/mailer/twofa_deactivated_notification.text +8 -0
  109. data/test/integration/account_confirmation_test.rb +145 -0
  110. data/test/integration/controller_test.rb +280 -0
  111. data/test/integration/logging_test.rb +235 -0
  112. data/test/integration/password_change_test.rb +93 -0
  113. data/test/integration/password_login_test.rb +125 -0
  114. data/test/integration/password_reset_test.rb +136 -0
  115. data/test/integration/recovery_codes_test.rb +48 -0
  116. data/test/integration/sessions_test.rb +86 -0
  117. data/test/integration/sign_up_test.rb +26 -12
  118. data/test/integration/totps_test.rb +96 -0
  119. data/test/integration/twofa_test.rb +82 -0
  120. data/test/mailers/mailer_test.rb +200 -0
  121. data/test/models/account_test.rb +34 -0
  122. data/test/models/crypt_test.rb +22 -0
  123. data/test/models/log_test.rb +16 -0
  124. data/test/models/mask_ip_test.rb +27 -0
  125. data/test/models/model_test.rb +66 -0
  126. data/test/models/password_test.rb +163 -0
  127. data/test/models/recovery_code_test.rb +54 -0
  128. data/test/models/session_test.rb +67 -0
  129. data/test/models/token_test.rb +70 -0
  130. data/test/models/totp_test.rb +68 -0
  131. data/test/quo_vadis_test.rb +39 -3
  132. data/test/test_helper.rb +42 -70
  133. metadata +123 -207
  134. data/app/controllers/controller_mixin.rb +0 -109
  135. data/app/mailers/quo_vadis/notifier.rb +0 -30
  136. data/app/models/model_mixin.rb +0 -128
  137. data/lib/generators/quo_vadis/templates/migration.rb.erb +0 -18
  138. data/lib/generators/quo_vadis/templates/quo_vadis.rb.erb +0 -96
  139. data/test/dummy/.gitignore +0 -2
  140. data/test/dummy/app/helpers/application_helper.rb +0 -2
  141. data/test/dummy/app/helpers/articles_helper.rb +0 -2
  142. data/test/dummy/app/views/articles/new.html.erb +0 -11
  143. data/test/dummy/app/views/layouts/sessions.html.erb +0 -3
  144. data/test/dummy/app/views/quo_vadis/notifier/change_password.text.erb +0 -9
  145. data/test/dummy/app/views/quo_vadis/notifier/invite.text.erb +0 -8
  146. data/test/dummy/app/views/sessions/edit.html.erb +0 -11
  147. data/test/dummy/app/views/sessions/forgotten.html.erb +0 -13
  148. data/test/dummy/app/views/sessions/invite.html.erb +0 -31
  149. data/test/dummy/app/views/sessions/new.html.erb +0 -15
  150. data/test/dummy/config/environments/development.rb +0 -26
  151. data/test/dummy/config/environments/production.rb +0 -49
  152. data/test/dummy/config/environments/test.rb +0 -37
  153. data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
  154. data/test/dummy/config/initializers/inflections.rb +0 -10
  155. data/test/dummy/config/initializers/mime_types.rb +0 -5
  156. data/test/dummy/config/initializers/rack_patch.rb +0 -16
  157. data/test/dummy/config/initializers/secret_token.rb +0 -7
  158. data/test/dummy/config/initializers/session_store.rb +0 -8
  159. data/test/dummy/config/locales/en.yml +0 -5
  160. data/test/dummy/config/locales/quo_vadis.en.yml +0 -21
  161. data/test/dummy/db/migrate/20110124125037_create_users.rb +0 -13
  162. data/test/dummy/db/migrate/20110124131535_create_articles.rb +0 -14
  163. data/test/dummy/db/migrate/20110127094709_add_authentication_to_users.rb +0 -18
  164. data/test/dummy/db/migrate/20111004112209_create_people.rb +0 -13
  165. data/test/dummy/db/migrate/20111004132342_add_authentication_to_people.rb +0 -18
  166. data/test/dummy/public/404.html +0 -26
  167. data/test/dummy/public/422.html +0 -26
  168. data/test/dummy/public/500.html +0 -26
  169. data/test/dummy/public/javascripts/application.js +0 -2
  170. data/test/dummy/public/javascripts/controls.js +0 -965
  171. data/test/dummy/public/javascripts/dragdrop.js +0 -974
  172. data/test/dummy/public/javascripts/effects.js +0 -1123
  173. data/test/dummy/public/javascripts/prototype.js +0 -6001
  174. data/test/dummy/public/javascripts/rails.js +0 -175
  175. data/test/dummy/public/stylesheets/.gitkeep +0 -0
  176. data/test/dummy/script/rails +0 -6
  177. data/test/integration/activation_test.rb +0 -108
  178. data/test/integration/authenticate_test.rb +0 -39
  179. data/test/integration/blocked_test.rb +0 -23
  180. data/test/integration/config_test.rb +0 -118
  181. data/test/integration/cookie_test.rb +0 -67
  182. data/test/integration/csrf_test.rb +0 -41
  183. data/test/integration/forgotten_test.rb +0 -93
  184. data/test/integration/helper_test.rb +0 -18
  185. data/test/integration/locale_test.rb +0 -197
  186. data/test/integration/navigation_test.rb +0 -7
  187. data/test/integration/sign_in_person_test.rb +0 -26
  188. data/test/integration/sign_in_test.rb +0 -24
  189. data/test/integration/sign_out_test.rb +0 -20
  190. data/test/support/integration_case.rb +0 -11
  191. data/test/unit/user_test.rb +0 -75
@@ -1,21 +1,35 @@
1
1
  require 'test_helper'
2
2
 
3
- class SignUpTest < ActiveSupport::IntegrationCase
3
+ class SignUpTest < IntegrationTest
4
4
 
5
- test 'sign in of a just-signed-up user' do
6
- visit new_user_path
7
- fill_in 'user_name', :with => 'Robert'
8
- fill_in 'user_username', :with => 'bob'
9
- fill_in 'user_password', :with => 'secret'
10
- click_button 'Sign up'
5
+ test 'successful sign up' do
6
+ assert_difference 'User.count' do
7
+ post "/users", params: {
8
+ user: {
9
+ name: 'Bob',
10
+ email: 'billy@example.com',
11
+ password: '123456789abc',
12
+ password_confirmation: '123456789abc'
13
+ }
14
+ }, headers: { 'HTTP_USER_AGENT' => 'Blah' }
15
+ assert_redirected_to '/articles'
16
+ follow_redirect!
17
+ assert_select 'p', 'Public Articles'
18
+ end
19
+ end
11
20
 
12
- assert_equal root_path, current_path
13
21
 
14
- within '.flash.notice' do
15
- assert page.has_content?('You have signed up!')
22
+ test 'failed sign up' do
23
+ assert_no_difference 'User.count' do
24
+ post "/users", params: {
25
+ user: {
26
+ name: 'Bob',
27
+ email: 'billy@example.com',
28
+ password: 'x'
29
+ }
30
+ }
31
+ assert_response :success
16
32
  end
17
-
18
- assert page.has_content?('You are signed in as Robert')
19
33
  end
20
34
 
21
35
  end
@@ -0,0 +1,96 @@
1
+ require 'test_helper'
2
+
3
+ class TotpsTest < IntegrationTest
4
+
5
+ setup do
6
+ User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
7
+ QuoVadis.two_factor_authentication_mandatory true
8
+ login
9
+ end
10
+
11
+
12
+ test ':challenge redirects to :new when no second factor setup' do
13
+ get quo_vadis.challenge_totps_path
14
+ assert_redirected_to quo_vadis.new_totp_path
15
+ assert_equal 'Please set up two factor authentication.', flash[:alert]
16
+ end
17
+
18
+
19
+ test 'set up second factor' do
20
+ get quo_vadis.new_totp_path
21
+ assert_response :success
22
+
23
+ totp = controller.instance_variable_get :@totp
24
+ assert_emails 1 do
25
+ assert_difference 'QuoVadis::RecoveryCode.count', 5 do
26
+ assert_difference 'QuoVadis::Totp.count' do
27
+ post quo_vadis.totps_path(totp: {
28
+ key: totp.key,
29
+ hmac_key: totp.hmac_key,
30
+ otp: ROTP::TOTP.new(totp.key).now
31
+ })
32
+ end
33
+ end
34
+ end
35
+
36
+ assert_redirected_to quo_vadis.recovery_codes_path
37
+ end
38
+
39
+
40
+ test 'does not set up second factor when key tampered with' do
41
+ get quo_vadis.new_totp_path
42
+
43
+ totp = controller.instance_variable_get :@totp
44
+ assert_no_difference 'QuoVadis::Totp.count' do
45
+ post quo_vadis.totps_path(totp: {
46
+ key: 'dodgy',
47
+ hmac_key: totp.hmac_key,
48
+ otp: ROTP::TOTP.new('dodgy').now
49
+ })
50
+ end
51
+
52
+ assert_equal 'Sorry, the code was incorrect. Please check your system clock is correct and try again.', flash[:alert]
53
+ assert_redirected_to quo_vadis.new_totp_path
54
+ end
55
+
56
+
57
+ test 'authenticate with second factor' do
58
+ totp = User.last.qv_account.create_totp(last_used_at: 1.minute.ago)
59
+
60
+ get quo_vadis.challenge_totps_path
61
+ assert_response :success
62
+
63
+ assert_session_replaced do
64
+ post quo_vadis.authenticate_totps_path(totp: ROTP::TOTP.new(totp.key).now)
65
+ end
66
+ assert QuoVadis::Session.last.second_factor_authenticated?
67
+ assert_equal 'Welcome back!', flash[:notice]
68
+ assert_redirected_to '/articles/secret'
69
+ end
70
+
71
+
72
+ test 'failed authentication with second factor' do
73
+ User.last.qv_account.create_totp(last_used_at: 1.minute.ago)
74
+
75
+ post quo_vadis.authenticate_totps_path(totp: '123456')
76
+ refute QuoVadis::Session.last.second_factor_authenticated?
77
+ assert_response :success
78
+ assert_equal 'Sorry, the code was incorrect. Please check your system clock is correct and try again.', flash[:alert]
79
+ end
80
+
81
+
82
+ test '2fa code reused' do
83
+ totp = User.last.qv_account.create_totp(last_used_at: 1.minute.ago)
84
+ post quo_vadis.authenticate_totps_path(totp: ROTP::TOTP.new(totp.key).now)
85
+ assert_emails 1 do
86
+ post quo_vadis.authenticate_totps_path(totp: ROTP::TOTP.new(totp.key).now)
87
+ end
88
+ end
89
+
90
+
91
+ private
92
+
93
+ def login
94
+ post quo_vadis.login_path(email: 'bob@example.com', password: '123456789abc')
95
+ end
96
+ end
@@ -0,0 +1,82 @@
1
+ require 'test_helper'
2
+
3
+ class TwofaTest < IntegrationTest
4
+
5
+ setup do
6
+ u = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
7
+ @account = u.qv_account
8
+ QuoVadis.two_factor_authentication_mandatory true
9
+ # @codes = u.qv_account.generate_recovery_codes
10
+ login
11
+ end
12
+
13
+
14
+ test 'no totp, no recovery codes' do
15
+ get quo_vadis.twofa_path
16
+ assert_response :success
17
+ assert_select "a[href=?]", quo_vadis.new_totp_path
18
+ assert_select "a[href=?]", quo_vadis.recovery_codes_path
19
+ end
20
+
21
+
22
+ test 'totp, no recovery codes' do
23
+ setup_totp
24
+ get quo_vadis.twofa_path
25
+ assert_select 'form[action=?]', quo_vadis.twofa_path do
26
+ assert_select 'input[value=delete]'
27
+ end
28
+ assert_select "a[href=?]", quo_vadis.recovery_codes_path
29
+ end
30
+
31
+
32
+ test 'no totp, recovery codes' do
33
+ setup_recovery_codes
34
+ get quo_vadis.twofa_path
35
+ assert_select "a[href=?]", quo_vadis.new_totp_path
36
+ assert_select "a[href=?]", quo_vadis.recovery_codes_path
37
+ end
38
+
39
+
40
+ test 'totp, recovery codes' do
41
+ setup_totp
42
+ setup_recovery_codes
43
+ get quo_vadis.twofa_path
44
+ assert_select 'form[action=?]', quo_vadis.twofa_path do
45
+ assert_select 'input[value=delete]'
46
+ end
47
+ assert_select "a[href=?]", quo_vadis.recovery_codes_path
48
+ end
49
+
50
+
51
+ test 'deactivate' do
52
+ setup_totp
53
+ setup_recovery_codes
54
+
55
+ assert_emails 1 do
56
+ delete quo_vadis.twofa_path
57
+ end
58
+
59
+ # The flash only seems to be set before the redirect. No idea why.
60
+ assert_equal 'You have invalidated your 2FA credentials and recovery codes.', flash[:notice]
61
+ @account.reload
62
+ assert_nil @account.totp
63
+ assert_empty @account.recovery_codes
64
+ @account.sessions.each { |s| refute s.second_factor_authenticated? }
65
+ assert_redirected_to quo_vadis.twofa_path
66
+ end
67
+
68
+
69
+ private
70
+
71
+ def login
72
+ post quo_vadis.login_path(email: 'bob@example.com', password: '123456789abc')
73
+ end
74
+
75
+ def setup_totp
76
+ @account.create_totp last_used_at: 1.day.ago
77
+ end
78
+
79
+ def setup_recovery_codes
80
+ @account.generate_recovery_codes
81
+ end
82
+ end
@@ -0,0 +1,200 @@
1
+ require 'test_helper'
2
+
3
+ class MailerTest < ActionMailer::TestCase
4
+
5
+ tests QuoVadis::Mailer
6
+
7
+ setup do
8
+ QuoVadis.mail_headers({from: 'Bar <bar@example.com>'})
9
+ end
10
+
11
+
12
+ test 'reset_password' do
13
+ email = QuoVadis::Mailer.with(
14
+ email: 'Foo <foo@example.com>',
15
+ url: 'http://example.com/pwd-reset/123abc'
16
+ ).reset_password
17
+
18
+ assert_emails 1 do
19
+ email.deliver_now
20
+ end
21
+
22
+ assert_equal ['foo@example.com'], email.to
23
+ assert_equal ['bar@example.com'], email.from
24
+ assert_equal 'Change your password', email.subject
25
+ assert_equal read_fixture('reset_password.text').join, email.body.to_s
26
+ end
27
+
28
+
29
+ test 'account_confirmation' do
30
+ email = QuoVadis::Mailer.with(
31
+ email: 'Foo <foo@example.com>',
32
+ url: 'http://example.com/confirm/123abc'
33
+ ).account_confirmation
34
+
35
+ assert_emails 1 do
36
+ email.deliver_now
37
+ end
38
+
39
+ assert_equal ['foo@example.com'], email.to
40
+ assert_equal ['bar@example.com'], email.from
41
+ assert_equal 'Please confirm your account', email.subject
42
+ assert_equal read_fixture('account_confirmation.text').join, email.body.to_s
43
+ end
44
+
45
+
46
+ test 'email change notification' do
47
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').email_change_notification
48
+
49
+ # freeze_time
50
+
51
+ assert_emails 1 do
52
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
53
+ email.deliver_now
54
+ end
55
+ end
56
+
57
+ assert_equal ['foo@example.com'], email.to
58
+ assert_equal ['bar@example.com'], email.from
59
+ assert_equal 'Your email address has been changed', email.subject
60
+ assert_equal with_timestamp(read_fixture('email_change_notification.text').join), email.body.to_s
61
+ end
62
+
63
+
64
+ test 'identifier change notification' do
65
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>', identifier: 'email').identifier_change_notification
66
+
67
+ # freeze_time
68
+
69
+ assert_emails 1 do
70
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
71
+ email.deliver_now
72
+ end
73
+ end
74
+
75
+ assert_equal ['foo@example.com'], email.to
76
+ assert_equal ['bar@example.com'], email.from
77
+ assert_equal 'Your email has been changed', email.subject
78
+ assert_equal with_timestamp(read_fixture('identifier_change_notification.text').join), email.body.to_s
79
+ end
80
+
81
+
82
+ test 'password change notification' do
83
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').password_change_notification
84
+
85
+ # freeze_time
86
+
87
+ assert_emails 1 do
88
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
89
+ email.deliver_now
90
+ end
91
+ end
92
+
93
+ assert_equal ['foo@example.com'], email.to
94
+ assert_equal ['bar@example.com'], email.from
95
+ assert_equal 'Your password has been changed', email.subject
96
+ assert_equal with_timestamp(read_fixture('password_change_notification.text').join), email.body.to_s
97
+ end
98
+
99
+
100
+ test 'password reset notification' do
101
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').password_reset_notification
102
+
103
+ # freeze_time
104
+
105
+ assert_emails 1 do
106
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
107
+ email.deliver_now
108
+ end
109
+ end
110
+
111
+ assert_equal ['foo@example.com'], email.to
112
+ assert_equal ['bar@example.com'], email.from
113
+ assert_equal 'Your password has been reset', email.subject
114
+ assert_equal with_timestamp(read_fixture('password_reset_notification.text').join), email.body.to_s
115
+ end
116
+
117
+
118
+ test 'totp setup notification' do
119
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').totp_setup_notification
120
+
121
+ # freeze_time
122
+
123
+ assert_emails 1 do
124
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
125
+ email.deliver_now
126
+ end
127
+ end
128
+
129
+ assert_equal ['foo@example.com'], email.to
130
+ assert_equal ['bar@example.com'], email.from
131
+ assert_equal 'Two-factor authentication was set up just now', email.subject
132
+ assert_equal with_timestamp(read_fixture('totp_setup_notification.text').join), email.body.to_s
133
+ end
134
+
135
+
136
+ test 'totp reuse notification' do
137
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').totp_reuse_notification
138
+
139
+ # freeze_time
140
+
141
+ assert_emails 1 do
142
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
143
+ email.deliver_now
144
+ end
145
+ end
146
+
147
+ assert_equal ['foo@example.com'], email.to
148
+ assert_equal ['bar@example.com'], email.from
149
+ assert_equal 'Your two-factor authentication code was reused just now', email.subject
150
+ assert_equal with_timestamp(read_fixture('totp_reuse_notification.text').join), email.body.to_s
151
+ end
152
+
153
+
154
+ test '2fa deactivated notification' do
155
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').twofa_deactivated_notification
156
+
157
+ # freeze_time
158
+
159
+ assert_emails 1 do
160
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
161
+ email.deliver_now
162
+ end
163
+ end
164
+
165
+ assert_equal ['foo@example.com'], email.to
166
+ assert_equal ['bar@example.com'], email.from
167
+ assert_equal 'Two-factor authentication was deactivated just now', email.subject
168
+ assert_equal with_timestamp(read_fixture('twofa_deactivated_notification.text').join), email.body.to_s
169
+ end
170
+
171
+
172
+ test 'recovery codes generation notification' do
173
+ email = QuoVadis::Mailer.with(email: 'Foo <foo@example.com>').recovery_codes_generation_notification
174
+
175
+ # freeze_time
176
+
177
+ assert_emails 1 do
178
+ QuoVadis::CurrentRequestDetails.set(ip: '1.2.3.4') do
179
+ email.deliver_now
180
+ end
181
+ end
182
+
183
+ assert_equal ['foo@example.com'], email.to
184
+ assert_equal ['bar@example.com'], email.from
185
+ assert_equal 'Recovery codes have been generated for your account', email.subject
186
+ assert_equal with_timestamp(read_fixture('recovery_codes_generation_notification.text').join), email.body.to_s
187
+ end
188
+
189
+
190
+ private
191
+
192
+ def read_fixture(action)
193
+ IO.readlines(File.join(__dir__, '..', 'fixtures', self.class.mailer_class.name.underscore, action))
194
+ end
195
+
196
+ def with_timestamp(str)
197
+ str.sub 'TIMESTAMP', Time.now.strftime('%e %B at %H:%M (%Z)')
198
+ end
199
+
200
+ end
@@ -0,0 +1,34 @@
1
+ require 'test_helper'
2
+
3
+ class AccountTest < ActiveSupport::TestCase
4
+ include ActionMailer::TestHelper
5
+
6
+ test 'confirmed?' do
7
+ account = QuoVadis::Account.new
8
+ refute account.confirmed?
9
+
10
+ account.confirmed_at = Time.now
11
+ assert account.confirmed?
12
+ end
13
+
14
+
15
+ test 'notifies on identifier change when notifier is not email' do
16
+ p = Person.create! username: 'bob', email: 'bob@example.com', password: 'secretsecret'
17
+ assert_enqueued_email_with QuoVadis::Mailer, :identifier_change_notification, args: {email: 'bob@example.com', identifier: 'username'} do
18
+ assert_enqueued_emails 1 do
19
+ p.update username: 'robert@example.com'
20
+ end
21
+ end
22
+ end
23
+
24
+
25
+ test 'does not notify on identifier change when notifier is email' do
26
+ u = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
27
+ assert_enqueued_email_with QuoVadis::Mailer, :email_change_notification, args: {email: 'bob@example.com'} do
28
+ assert_enqueued_emails 1 do
29
+ u.update email: 'robert@example.com'
30
+ end
31
+ end
32
+ end
33
+
34
+ end