liangxj/assistant-storefront
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
4bd11c0ecca09038b3db37aabcb400e41b7273c5
assistant-storefront/spec/requests/api/v1/profile/mfa_controller_spec.rb
Liang XJ 092fb2e083
Some checks failed
Lock Threads / action (push) Has been cancelled
Details
Mark stale issues and pull requests / stale (push) Has been cancelled
Details
Publish Chatwoot EE docker images / build (linux/amd64, ubuntu-latest) (push) Has been cancelled
Details
Publish Chatwoot EE docker images / build (linux/arm64, ubuntu-22.04-arm) (push) Has been cancelled
Details
Publish Chatwoot EE docker images / merge (push) Has been cancelled
Details
Publish Chatwoot CE docker images / build (linux/amd64, ubuntu-latest) (push) Has been cancelled
Details
Publish Chatwoot CE docker images / build (linux/arm64, ubuntu-22.04-arm) (push) Has been cancelled
Details
Publish Chatwoot CE docker images / merge (push) Has been cancelled
Details
Run Chatwoot CE spec / lint-backend (push) Has been cancelled
Details
Run Chatwoot CE spec / lint-frontend (push) Has been cancelled
Details
Run Chatwoot CE spec / frontend-tests (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (0, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (1, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (10, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (11, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (12, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (13, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (14, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (15, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (2, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (3, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (4, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (5, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (6, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (7, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (8, 16) (push) Has been cancelled
Details
Run Chatwoot CE spec / backend-tests (9, 16) (push) Has been cancelled
Details
Run Linux nightly installer / nightly (push) Has been cancelled
Details
Initial commit: Add logistics and order_detail message types 
- Add Logistics component with progress tracking
- Add OrderDetail component for order information
- Support data-driven steps and actions
- Add blue color scale to widget SCSS
- Fix node overflow and progress bar rendering issues
- Add English translations for dashboard components

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-26 11:16:56 +08:00

275 lines
8.7 KiB
Ruby
Raw Blame History

require 'rails_helper'
RSpec.describe 'MFA API', type: :request do
before do
skip('Skipping since MFA is not configured in this environment') unless Chatwoot.encryption_configured?
allow(Chatwoot).to receive(:mfa_enabled?).and_return(true)
end
let(:account) { create(:account) }
let(:user) { create(:user, account: account, password: 'Test@123456') }
describe 'GET /api/v1/profile/mfa' do
context 'when 2FA is disabled' do
it 'returns MFA disabled status' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_falsey
expect(json_response['backup_codes_generated']).to be_falsey
end
end
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
it 'returns MFA enabled status' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_truthy
end
context 'with backup codes generated' do
before do
user.generate_backup_codes!
end
it 'indicates backup codes are generated' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['backup_codes_generated']).to be_truthy
end
end
end
end
describe 'POST /api/v1/profile/mfa' do
context 'when 2FA is not enabled' do
it 'enables 2FA and returns QR code URL' do
post '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['provisioning_url']).not_to be_nil
expect(json_response['provisioning_url']).to include('otpauth://totp')
expect(json_response['secret']).not_to be_nil
user.reload
expect(user.otp_secret).not_to be_nil
end
end
context 'when 2FA is already enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
it 'returns error message' do
post '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.already_enabled'))
end
end
end
describe 'POST /api/v1/profile/mfa/verify' do
before do
user.enable_two_factor!
end
context 'with valid OTP code' do
it 'verifies and confirms 2FA setup with backup codes' do
otp_code = user.current_otp
post '/api/v1/profile/mfa/verify',
params: { otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_truthy
expect(json_response['backup_codes']).to be_an(Array)
expect(json_response['backup_codes'].length).to eq(10)
user.reload
expect(user.otp_required_for_login).to be_truthy
expect(user.otp_backup_codes).not_to be_nil
end
end
context 'with invalid OTP code' do
it 'returns error message' do
post '/api/v1/profile/mfa/verify',
params: { otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.invalid_code'))
end
end
context 'when 2FA is already verified' do
before do
user.update!(otp_required_for_login: true)
end
it 'returns already enabled error' do
post '/api/v1/profile/mfa/verify',
params: { otp_code: user.current_otp },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.already_enabled'))
end
end
end
describe 'DELETE /api/v1/profile/mfa' do
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
user.generate_backup_codes!
end
context 'with valid password and OTP' do
it 'disables 2FA successfully' do
otp_code = user.current_otp
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_falsey
user.reload
expect(user.otp_required_for_login).to be_falsey
expect(user.otp_secret).to be_nil
expect(user.otp_backup_codes).to be_blank
end
end
context 'with invalid password' do
it 'returns error message' do
otp_code = user.current_otp
delete '/api/v1/profile/mfa',
params: { password: 'wrong_password', otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to include('Invalid')
end
end
context 'with invalid OTP' do
it 'returns error message' do
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to include('Invalid')
end
end
end
context 'when 2FA is not enabled' do
it 'returns not enabled error' do
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: '123456' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.not_enabled'))
end
end
end
describe 'POST /api/v1/profile/mfa/backup_codes' do
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
context 'with valid OTP' do
it 'generates new backup codes' do
otp_code = user.current_otp
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['backup_codes']).to be_an(Array)
expect(json_response['backup_codes'].length).to eq(10)
end
end
context 'with invalid OTP' do
it 'returns error message' do
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.invalid_code'))
end
end
end
context 'when 2FA is not enabled' do
it 'returns not enabled error' do
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: '123456' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.not_enabled'))
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink