rubygems-update 3.4.17 → 3.4.19

data/test/rubygems/test_gem_commands_owner_command.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+
 require_relative "helper"
+require_relative "multifactor_auth_utilities"
 require "rubygems/commands/owner_command"
 
 class TestGemCommandsOwnerCommand < Gem::TestCase
@@ -10,7 +12,7 @@ class TestGemCommandsOwnerCommand < Gem::TestCase
 
     ENV["RUBYGEMS_HOST"] = nil
     @stub_ui = Gem::MockGemUi.new
-    @stub_fetcher = Gem::FakeFetcher.new
+    @stub_fetcher = Gem::MultifactorAuthFetcher.new
     Gem::RemoteFetcher.fetcher = @stub_fetcher
     Gem.configuration = nil
     Gem.configuration.rubygems_api_key = "ed244fbf2b1a52e012da8616c512fa47f9aa5250"
@@ -323,15 +325,8 @@ EOF
   end
 
   def test_otp_verified_success
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Owner added successfully."
-
-    @stub_fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
-    @stub_fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] =
-      HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity")
+    @stub_fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems/freewill/owners", response_success)
 
     @otp_ui = Gem::MockGemUi.new "111111\n"
     use_ui @otp_ui do
@@ -362,68 +357,102 @@ EOF
   end
 
   def test_with_webauthn_enabled_success
-    webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Owner added successfully."
-    port = 5678
-    server = TCPServer.new(port)
+    server = Gem::MockTCPServer.new
 
-    @stub_fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
-    @stub_fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
+    @stub_fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems/freewill/owners", response_success)
+    @stub_fetcher.respond_with_webauthn_url
 
     TCPServer.stub(:new, server) do
-      Gem::WebauthnListener.stub(:wait_for_otp_code, "Uvh6T57tkWuUnWYo") do
+      Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:otp] = "Uvh6T57tkWuUnWYo" }) do
         use_ui @stub_ui do
           @cmd.add_owners("freewill", ["user-new1@example.com"])
         end
       end
-    ensure
-      server.close
     end
 
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @stub_ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@stub_fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @stub_ui.output
     assert_match "You are verified with a security device. You may close the browser window.", @stub_ui.output
     assert_equal "Uvh6T57tkWuUnWYo", @stub_fetcher.last_request["OTP"]
     assert_match response_success, @stub_ui.output
   end
 
   def test_with_webauthn_enabled_failure
-    webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Owner added successfully."
-    port = 5678
-    server = TCPServer.new(port)
-    raise_error = ->(*_args) { raise Gem::WebauthnVerificationError, "Something went wrong" }
+    server = Gem::MockTCPServer.new
+    error = Gem::WebauthnVerificationError.new("Something went wrong")
 
-    @stub_fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
-    @stub_fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
+    @stub_fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems/freewill/owners", response_success)
+    @stub_fetcher.respond_with_webauthn_url
 
     TCPServer.stub(:new, server) do
-      Gem::WebauthnListener.stub(:wait_for_otp_code, raise_error) do
+      Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:error] = error }) do
         use_ui @stub_ui do
           @cmd.add_owners("freewill", ["user-new1@example.com"])
         end
       end
-    ensure
-      server.close
     end
 
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
-
     assert_match @stub_fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @stub_ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@stub_fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @stub_ui.output
     assert_match "ERROR:  Security device verification failed: Something went wrong", @stub_ui.error
     refute_match "You are verified with a security device. You may close the browser window.", @stub_ui.output
     refute_match response_success, @stub_ui.output
   end
 
+  def test_with_webauthn_enabled_success_with_polling
+    response_success = "Owner added successfully."
+    server = Gem::MockTCPServer.new
+
+    @stub_fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems/freewill/owners", response_success)
+    @stub_fetcher.respond_with_webauthn_url
+    @stub_fetcher.respond_with_webauthn_polling("Uvh6T57tkWuUnWYo")
+
+    TCPServer.stub(:new, server) do
+      use_ui @stub_ui do
+        @cmd.add_owners("freewill", ["user-new1@example.com"])
+      end
+    end
+
+    assert_match "You have enabled multi-factor authentication. Please visit #{@stub_fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin " \
+      "command with the `--otp [your_code]` option.", @stub_ui.output
+    assert_match "You are verified with a security device. You may close the browser window.", @stub_ui.output
+    assert_equal "Uvh6T57tkWuUnWYo", @stub_fetcher.last_request["OTP"]
+    assert_match response_success, @stub_ui.output
+  end
+
+  def test_with_webauthn_enabled_failure_with_polling
+    response_success = "Owner added successfully."
+    server = Gem::MockTCPServer.new
+
+    @stub_fetcher.respond_with_require_otp(
+      "#{Gem.host}/api/v1/gems/freewill/owners",
+      response_success
+    )
+    @stub_fetcher.respond_with_webauthn_url
+    @stub_fetcher.respond_with_webauthn_polling_failure
+
+    TCPServer.stub(:new, server) do
+      use_ui @stub_ui do
+        @cmd.add_owners("freewill", ["user-new1@example.com"])
+      end
+    end
+
+    assert_match @stub_fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
+    assert_match "You have enabled multi-factor authentication. Please visit #{@stub_fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin " \
+      "command with the `--otp [your_code]` option.", @stub_ui.output
+    assert_match "ERROR:  Security device verification failed: The token in the link you used has either expired " \
+      "or been used already.", @stub_ui.error
+    refute_match "You are verified with a security device. You may close the browser window.", @stub_ui.output
+    refute_match response_success, @stub_ui.output
+  end
+
   def test_remove_owners_unathorized_api_key
     response_forbidden = "The API key doesn't have access"
     response_success   = "Owner removed successfully."

data/test/rubygems/test_gem_commands_pristine_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/pristine_command"
 

data/test/rubygems/test_gem_commands_push_command.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+
 require_relative "helper"
+require_relative "multifactor_auth_utilities"
 require "rubygems/commands/push_command"
 
 class TestGemCommandsPushCommand < Gem::TestCase
@@ -24,7 +26,7 @@ class TestGemCommandsPushCommand < Gem::TestCase
     @host = "https://rubygems.example"
     @api_key = Gem.configuration.rubygems_api_key
 
-    @fetcher = Gem::FakeFetcher.new
+    @fetcher = Gem::MultifactorAuthFetcher.new
     Gem::RemoteFetcher.fetcher = @fetcher
 
     @cmd = Gem::Commands::PushCommand.new
@@ -384,15 +386,9 @@ class TestGemCommandsPushCommand < Gem::TestCase
   end
 
   def test_otp_verified_success
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Successfully registered gem: freewill (1.0.0)"
 
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
-    @fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] =
-      HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity")
+    @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success)
 
     @otp_ui = Gem::MockGemUi.new "111111\n"
     use_ui @otp_ui do
@@ -425,70 +421,105 @@ class TestGemCommandsPushCommand < Gem::TestCase
   end
 
   def test_with_webauthn_enabled_success
-    webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Successfully registered gem: freewill (1.0.0)"
-    port = 5678
-    server = TCPServer.new(port)
+    server = Gem::MockTCPServer.new
 
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
-    @fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
+    @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success)
+    @fetcher.respond_with_webauthn_url
 
     TCPServer.stub(:new, server) do
-      Gem::WebauthnListener.stub(:wait_for_otp_code, "Uvh6T57tkWuUnWYo") do
+      Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:otp] = "Uvh6T57tkWuUnWYo" }) do
         use_ui @ui do
           @cmd.send_gem(@path)
         end
       end
-    ensure
-      server.close
     end
 
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
     assert_match "You are verified with a security device. You may close the browser window.", @ui.output
     assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"]
     assert_match response_success, @ui.output
   end
 
   def test_with_webauthn_enabled_failure
-    webauthn_verification_url = "rubygems.org/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_success = "Successfully registered gem: freewill (1.0.0)"
-    port = 5678
-    server = TCPServer.new(port)
-    raise_error = ->(*_args) { raise Gem::WebauthnVerificationError, "Something went wrong" }
+    server = Gem::MockTCPServer.new
+    error = Gem::WebauthnVerificationError.new("Something went wrong")
 
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"),
-    ]
-    @fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
+    @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success)
+    @fetcher.respond_with_webauthn_url
 
     error = assert_raise Gem::MockGemUi::TermError do
       TCPServer.stub(:new, server) do
-        Gem::WebauthnListener.stub(:wait_for_otp_code, raise_error) do
+        Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:error] = error }) do
           use_ui @ui do
             @cmd.send_gem(@path)
           end
         end
-      ensure
-        server.close
       end
     end
     assert_equal 1, error.exit_code
 
     assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
     assert_match "ERROR:  Security device verification failed: Something went wrong", @ui.error
     refute_match "You are verified with a security device. You may close the browser window.", @ui.output
     refute_match response_success, @ui.output
   end
 
+  def test_with_webauthn_enabled_success_with_polling
+    response_success = "Successfully registered gem: freewill (1.0.0)"
+    server = Gem::MockTCPServer.new
+
+    @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success)
+    @fetcher.respond_with_webauthn_url
+    @fetcher.respond_with_webauthn_polling("Uvh6T57tkWuUnWYo")
+
+    TCPServer.stub(:new, server) do
+      use_ui @ui do
+        @cmd.send_gem(@path)
+      end
+    end
+
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You are verified with a security device. You may close the browser window.", @ui.output
+    assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"]
+    assert_match response_success, @ui.output
+  end
+
+  def test_with_webauthn_enabled_failure_with_polling
+    response_success = "Successfully registered gem: freewill (1.0.0)"
+    server = Gem::MockTCPServer.new
+
+    @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success)
+    @fetcher.respond_with_webauthn_url
+    @fetcher.respond_with_webauthn_polling_failure
+
+    error = assert_raise Gem::MockGemUi::TermError do
+      TCPServer.stub(:new, server) do
+        use_ui @ui do
+          @cmd.send_gem(@path)
+        end
+      end
+    end
+    assert_equal 1, error.exit_code
+
+    assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin " \
+      "command with the `--otp [your_code]` option.", @ui.output
+    assert_match "ERROR:  Security device verification failed: The token in the link you used has either expired " \
+      "or been used already.", @ui.error
+    refute_match "You are verified with a security device. You may close the browser window.", @ui.output
+    refute_match response_success, @ui.output
+  end
+
   def test_sending_gem_unathorized_api_key_with_mfa_enabled
     response_mfa_enabled = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     response_forbidden = "The API key doesn't have access"

data/test/rubygems/test_gem_commands_query_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/query_command"
 

data/test/rubygems/test_gem_commands_search_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/search_command"
 

data/test/rubygems/test_gem_commands_server_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/server_command"
 

data/test/rubygems/test_gem_commands_setup_command.rb

@@ -18,7 +18,7 @@ class TestGemCommandsSetupCommand < Gem::TestCase
     @cmd.options[:document] = []
 
     filelist = %w[
-      bin/gem
+      exe/gem
       lib/rubygems.rb
       lib/rubygems/requirement.rb
       lib/rubygems/ssl_certs/rubygems.org/foo.pem

data/test/rubygems/test_gem_commands_signin_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/signin_command"
 require "rubygems/installer"

data/test/rubygems/test_gem_commands_sources_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/sources_command"
 

data/test/rubygems/test_gem_commands_specification_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/specification_command"
 

data/test/rubygems/test_gem_commands_stale_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/stale_command"
 

data/test/rubygems/test_gem_commands_uninstall_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "installer_test_case"
 require "rubygems/commands/uninstall_command"
 

data/test/rubygems/test_gem_commands_unpack_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/unpack_command"
 

data/test/rubygems/test_gem_commands_update_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/update_command"
 

data/test/rubygems/test_gem_commands_which_command.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/commands/which_command"
 

data/test/rubygems/test_gem_commands_yank_command.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+
 require_relative "helper"
+require_relative "multifactor_auth_utilities"
 require "rubygems/commands/yank_command"
 
 class TestGemCommandsYankCommand < Gem::TestCase
@@ -11,7 +13,8 @@ class TestGemCommandsYankCommand < Gem::TestCase
     @cmd = Gem::Commands::YankCommand.new
     @cmd.options[:host] = "http://example"
 
-    @fetcher = Gem::RemoteFetcher.fetcher
+    @fetcher = Gem::MultifactorAuthFetcher.new(host: "http://example")
+    Gem::RemoteFetcher.fetcher = @fetcher
 
     Gem.configuration.rubygems_api_key = "key"
     Gem.configuration.api_keys[:KEY] = "other"
@@ -72,9 +75,6 @@ class TestGemCommandsYankCommand < Gem::TestCase
       HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
       HTTPResponseFactory.create(body: "Successfully yanked", code: 200, msg: "OK"),
     ]
-    webauthn_uri = "http://example/api/v1/webauthn_verification"
-    @fetcher.data[webauthn_uri] =
-      HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity")
 
     @cmd.options[:args]           = %w[a]
     @cmd.options[:added_platform] = true
@@ -96,9 +96,6 @@ class TestGemCommandsYankCommand < Gem::TestCase
     response = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
     yank_uri = "http://example/api/v1/gems/yank"
     @fetcher.data[yank_uri] = HTTPResponseFactory.create(body: response, code: 401, msg: "Unauthorized")
-    webauthn_uri = "http://example/api/v1/webauthn_verification"
-    @fetcher.data[webauthn_uri] =
-      HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity")
 
     @cmd.options[:args]           = %w[a]
     @cmd.options[:added_platform] = true
@@ -116,55 +113,38 @@ class TestGemCommandsYankCommand < Gem::TestCase
   end
 
   def test_with_webauthn_enabled_success
-    webauthn_verification_url = "http://example/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
-    yank_uri = "http://example/api/v1/gems/yank"
-    webauthn_uri = "http://example/api/v1/webauthn_verification"
-    port = 5678
-    server = TCPServer.new(port)
+    server = Gem::MockTCPServer.new
 
-    @fetcher.data[webauthn_uri] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
-    @fetcher.data[yank_uri] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: "Successfully yanked", code: 200, msg: "OK"),
-    ]
+    @fetcher.respond_with_require_otp("http://example/api/v1/gems/yank", "Successfully yanked")
+    @fetcher.respond_with_webauthn_url
 
     @cmd.options[:args]           = %w[a]
     @cmd.options[:added_platform] = true
     @cmd.options[:version]        = req("= 1.0")
 
     TCPServer.stub(:new, server) do
-      Gem::WebauthnListener.stub(:wait_for_otp_code, "Uvh6T57tkWuUnWYo") do
+      Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:otp] = "Uvh6T57tkWuUnWYo" }) do
         use_ui @ui do
           @cmd.execute
         end
       end
-    ensure
-      server.close
     end
 
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
     assert_match %r{Yanking gem from http://example}, @ui.output
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
     assert_match "You are verified with a security device. You may close the browser window.", @ui.output
     assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"]
     assert_match "Successfully yanked", @ui.output
   end
 
   def test_with_webauthn_enabled_failure
-    webauthn_verification_url = "http://example/api/v1/webauthn_verification/odow34b93t6aPCdY"
-    response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry."
-    yank_uri = "http://example/api/v1/gems/yank"
-    webauthn_uri = "http://example/api/v1/webauthn_verification"
-    port = 5678
-    server = TCPServer.new(port)
-    raise_error = ->(*_args) { raise Gem::WebauthnVerificationError, "Something went wrong" }
+    server = Gem::MockTCPServer.new
+    error = Gem::WebauthnVerificationError.new("Something went wrong")
 
-    @fetcher.data[webauthn_uri] = HTTPResponseFactory.create(body: webauthn_verification_url, code: 200, msg: "OK")
-    @fetcher.data[yank_uri] = [
-      HTTPResponseFactory.create(body: response_fail, code: 401, msg: "Unauthorized"),
-      HTTPResponseFactory.create(body: "Successfully yanked", code: 200, msg: "OK"),
-    ]
+    @fetcher.respond_with_require_otp("http://example/api/v1/gems/yank", "Successfully yanked")
+    @fetcher.respond_with_webauthn_url
 
     @cmd.options[:args]           = %w[a]
     @cmd.options[:added_platform] = true
@@ -172,27 +152,82 @@ class TestGemCommandsYankCommand < Gem::TestCase
 
     error = assert_raise Gem::MockGemUi::TermError do
       TCPServer.stub(:new, server) do
-        Gem::WebauthnListener.stub(:wait_for_otp_code, raise_error) do
+        Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:error] = error }) do
           use_ui @ui do
             @cmd.execute
           end
         end
-      ensure
-        server.close
       end
     end
     assert_equal 1, error.exit_code
 
-    url_with_port = "#{webauthn_verification_url}?port=#{port}"
-
     assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
     assert_match %r{Yanking gem from http://example}, @ui.output
-    assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
     assert_match "ERROR:  Security device verification failed: Something went wrong", @ui.error
     refute_match "You are verified with a security device. You may close the browser window.", @ui.output
     refute_match "Successfully yanked", @ui.output
   end
 
+  def test_with_webauthn_enabled_success_with_polling
+    server = Gem::MockTCPServer.new
+
+    @fetcher.respond_with_require_otp("http://example/api/v1/gems/yank", "Successfully yanked")
+    @fetcher.respond_with_webauthn_url
+    @fetcher.respond_with_webauthn_polling("Uvh6T57tkWuUnWYo")
+
+    @cmd.options[:args]           = %w[a]
+    @cmd.options[:added_platform] = true
+    @cmd.options[:version]        = req("= 1.0")
+
+    TCPServer.stub(:new, server) do
+      use_ui @ui do
+        @cmd.execute
+      end
+    end
+
+    assert_match %r{Yanking gem from http://example}, @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "You are verified with a security device. You may close the browser window.", @ui.output
+    assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"]
+    assert_match "Successfully yanked", @ui.output
+  end
+
+  def test_with_webauthn_enabled_failure_with_polling
+    server = Gem::MockTCPServer.new
+
+    @fetcher.respond_with_require_otp("http://example/api/v1/gems/yank", "Successfully yanked")
+    @fetcher.respond_with_webauthn_url
+    @fetcher.respond_with_webauthn_polling_failure
+
+    @cmd.options[:args]           = %w[a]
+    @cmd.options[:added_platform] = true
+    @cmd.options[:version]        = req("= 1.0")
+
+    error = assert_raise Gem::MockGemUi::TermError do
+      TCPServer.stub(:new, server) do
+        use_ui @ui do
+          @cmd.execute
+        end
+      end
+    end
+    assert_equal 1, error.exit_code
+
+    assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
+    assert_match %r{Yanking gem from http://example}, @ui.output
+    assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \
+      "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \
+      "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
+    assert_match "ERROR:  Security device verification failed: The token in the link you used has either expired " \
+      "or been used already.", @ui.error
+    refute_match "You are verified with a security device. You may close the browser window.", @ui.output
+    refute_match "Successfully yanked", @ui.output
+  end
+
   def test_execute_key
     yank_uri = "http://example/api/v1/gems/yank"
     @fetcher.data[yank_uri] = HTTPResponseFactory.create(body: "Successfully yanked", code: 200, msg: "OK")

data/test/rubygems/test_gem_config_file.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/config_file"
 

data/test/rubygems/test_gem_dependency.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/dependency"
 

data/test/rubygems/test_gem_dependency_installer.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "helper"
 require "rubygems/dependency_installer"
 require "rubygems/security"