From 8518a49ac8b834ecc2d658fd17f4770b7f78eaca Mon Sep 17 00:00:00 2001
From: Yongjin Chong
Date: Wed, 29 Jan 2025 12:26:24 -0700
Subject: [PATCH] Update email login test cases
---
 .../accounts/user_settings_controller.ex | 1 -
 .../user_settings_controller_test.exs | 59 ++++++++++++++++++-
 .../user_two_factor_controller_test.exs | 46 +++++++++++++++
 3 files changed, 104 insertions(+), 2 deletions(-)
diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
index da81b6a..912d81d 100644
--- a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -134,7 +134,6 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 end
 end
 
- # 3) confirm 결과(updated_user)에 따른 처리 (만료/유효성/성공)
 defp process_confirm_result(conn, user, updated_user, current_time, two_factor_issue_time, method_atom) do
 if current_time - two_factor_issue_time > 900 do
 conn
diff --git a/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs b/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
index e021beb..24c73a9 100644
--- a/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
+++ b/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
@@ -177,7 +177,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsControllerTest do
 end
 end
 
- describe "POST /users/settings/two-factor (confirm)" do
+ describe "POST /users/settings/two-factor App (confirm)" do
 test "confirm saves and clears cache", %{conn: conn, user: user} do
 settings = Accounts.generate_and_cache_new_two_factor_settings(user, :app)
 
@@ -209,4 +209,61 @@ defmodule RecognizerWeb.Accounts.UserSettingsControllerTest do
 assert Flash.get(conn.assigns.flash, :error) =~ "Two factor code is invalid"
 end
 end
+
+ describe "POST /users/settings/two-factor Email (confirm)" do
+ test "confirm take timeout genereated token with expire_time", %{conn: conn, user: user} do
+ settings = Accounts.generate_and_cache_new_two_factor_settings(user, :email)
+
+ expired_time = System.system_time(:second) - 901
+ conn = put_session(conn, :two_factor_issue_time, expired_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ token = Authentication.generate_token(:email, expired_time, settings)
+ params = %{"two_factor_code" => token}
+
+ conn = post(conn, Routes.user_settings_path(conn, :two_factor_confirm), params)
+
+ assert redirected_to(conn) =~ "/two-factor"
+ assert Flash.get(conn.assigns.flash, :error) =~ "Two factor code is expired"
+ end
+
+ test "confirm saves and clears cache", %{conn: conn, user: user} do
+ settings = Accounts.generate_and_cache_new_two_factor_settings(user, :email)
+
+ current_time = System.system_time(:second)
+ conn = put_session(conn, :two_factor_issue_time, current_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ token = Authentication.generate_token(:email, current_time, settings)
+ params = %{"two_factor_code" => token}
+
+ conn = post(conn, Routes.user_settings_path(conn, :two_factor_confirm), params)
+
+ assert redirected_to(conn) =~ "/settings"
+ assert Flash.get(conn.assigns.flash, :info) =~ "Two factor code verified"
+
+ %{recovery_codes: recovery_codes} =
+ User
+ |> Repo.get(user.id)
+ |> Repo.preload(:recovery_codes)
+
+ refute Enum.empty?(recovery_codes)
+
+ assert {:ok, nil} = Accounts.get_new_two_factor_settings(user)
+ end
+
+ test "confirm redirects without cached settings", %{conn: conn, user: user} do
+ current_time = System.system_time(:second)
+ conn = put_session(conn, :two_factor_issue_time, current_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ settings = Accounts.generate_and_cache_new_two_factor_settings(user, :email)
+ token = Authentication.generate_token(:app, 0, settings)
+ Accounts.clear_two_factor_settings(user)
+ params = %{"two_factor_code" => token}
+ conn = post(conn, Routes.user_settings_path(conn, :two_factor_confirm), params)
+ assert redirected_to(conn) =~ "/two-factor"
+ assert Flash.get(conn.assigns.flash, :error) =~ "Two factor code is invalid"
+ end
+ end
 end
diff --git a/test/recognizer_web/controllers/accounts/user_two_factor_controller_test.exs b/test/recognizer_web/controllers/accounts/user_two_factor_controller_test.exs
index 1d36755..5d3a141 100644
--- a/test/recognizer_web/controllers/accounts/user_two_factor_controller_test.exs
+++ b/test/recognizer_web/controllers/accounts/user_two_factor_controller_test.exs
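Review bot: In "confirm redirects without cached settings" (user_settings_controller_test.exs, Email block) the code is built with `Authentication.generate_token(:app, 0, settings)`, so it is already wrong for this flow: it uses the app method and issue time 0 while the session holds `current_time`. The test would therefore still pass if the controller accepted a valid e-mail code after the cached settings were cleared. To pin the rejection the test name describes, build the code as the passing test does, `token = Authentication.generate_token(:email, current_time, settings)`, before calling `Accounts.clear_two_factor_settings(user)`; the expected flash text may need adjusting once the code is otherwise valid. The same pattern appears in the matching test added to user_two_factor_controller_test.exs. Separately, the expiry test uses 901 seconds against the controller's `> 900` check, so a case at exactly 900 would lock the boundary down.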
@@ -87,4 +87,50 @@ defmodule RecognizerWeb.Accounts.UserTwoFactorControllerTest do
 assert Flash.get(conn.assigns.flash, :info) =~ "Two factor code has been reset"
 end
 end
+
+ describe "POST /users/two-factor Email (confirm)" do
+ test "confirm take timeout genereated token with expire_time", %{conn: conn, user: user} do
+ settings = Accounts.generate_and_cache_new_two_factor_settings(user, :email)
+
+ expired_time = System.system_time(:second) - 901
+ conn = put_session(conn, :two_factor_issue_time, expired_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ token = Authentication.generate_token(:email, expired_time, settings)
+ params = %{"user" => %{"two_factor_code" => token}}
+
+ conn = post(conn, Routes.user_two_factor_path(conn, :create), params)
+
+ assert redirected_to(conn) =~ "/two-factor"
+ assert Flash.get(conn.assigns.flash, :error) =~ "Two factor code is expired"
+ end
+
+ test "confirm saves and clears cache", %{conn: conn, user: user} do
+ %{notification_preference: %{two_factor: two_factor_method}} = Accounts.load_notification_preferences(user)
+
+ current_time = System.system_time(:second)
+ conn = put_session(conn, :two_factor_issue_time, current_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ token = Authentication.generate_token(two_factor_method, current_time, user)
+ params = %{"user" => %{"two_factor_code" => token}}
+
+ conn = post(conn, Routes.user_two_factor_path(conn, :create), params)
+ assert redirected_to(conn) =~ "/settings"
+ end
+
+ test "confirm redirects without cached settings", %{conn: conn, user: user} do
+ current_time = System.system_time(:second)
+ conn = put_session(conn, :two_factor_issue_time, current_time)
+ conn = put_session(conn, :two_factor_sent, true)
+
+ settings = Accounts.generate_and_cache_new_two_factor_settings(user, :email)
+ token = Authentication.generate_token(:app, 0, settings)
+ Accounts.clear_two_factor_settings(user)
+ params = %{"user" => %{"two_factor_code" => token}}
+ conn = post(conn, Routes.user_two_factor_path(conn, :create), params)
+ assert redirected_to(conn) =~ "/two-factor"
+ assert Flash.get(conn.assigns.flash, :error) =~ "Invalid security code"
+ end
+ end
 end
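Review bot: "confirm saves and clears cache" in the login describe block asserts only `redirected_to(conn) =~ "/settings"`, and it takes the method from `Accounts.load_notification_preferences(user)` instead of fixing it to e-mail, so it does not show that the e-mail path ran or that anything was saved or cleared. The `user` fixture is set up outside this hunk, so its two-factor preference cannot be confirmed here; if it is not e-mail, the block's only success case exercises a different method. Consider asserting the method before generating the token, e.g. `assert two_factor_method == :email` (assuming the preference is stored as that atom), and renaming the test to what it checks, such as `test "valid code redirects to settings"`. The first test in this block derives its code from the cached `settings` while this one uses `user`; a short comment stating which of the two the login controller verifies against would help the next reader.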