demarches-normaliennes/spec/models/super_admin_spec.rb
2020-12-15 16:26:09 +01:00

103 lines
3.4 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

describe SuperAdmin, type: :model do
describe '#invite_admin' do
let(:super_admin) { create :super_admin }
let(:valid_email) { 'paul@tps.fr' }
subject { super_admin.invite_admin(valid_email) }
it {
user = subject
expect(user.errors).to be_empty
expect(user).to be_persisted
}
it { expect(super_admin.invite_admin(nil).errors).not_to be_empty }
it { expect(super_admin.invite_admin('toto').errors).not_to be_empty }
it 'creates a corresponding user account for the email' do
subject
user = User.find_by(email: valid_email)
expect(user).to be_present
end
it 'creates a corresponding instructeur account for the email' do
subject
instructeur = Instructeur.by_email(valid_email)
expect(instructeur).to be_present
end
context 'when there already is a user account with the same email' do
before { create(:user, email: valid_email) }
it 'still creates an admin account' do
expect(subject.errors).to be_empty
expect(subject).to be_persisted
end
end
end
describe 'enable_otp!' do
let(:super_admin) { create(:super_admin, otp_required_for_login: false) }
let(:subject) { super_admin.enable_otp! }
it 'updates otp_required_for_login' do
expect { subject }.to change { super_admin.otp_required_for_login? }.from(false).to(true)
end
it 'updates otp_secret' do
expect { subject }.to change { super_admin.otp_secret }
end
end
describe 'disable_otp!' do
let(:super_admin) { create(:super_admin, otp_required_for_login: true) }
let(:subject) { super_admin.disable_otp! }
it 'updates otp_required_for_login' do
expect { subject }.to change { super_admin.otp_required_for_login? }.from(true).to(false)
end
it 'nullifies otp_secret' do
super_admin.enable_otp!
expect { subject }.to change { super_admin.reload.otp_secret }.to(nil)
end
end
describe '#password_complexity' do
# This password list is sorted by password complexity, according to zxcvbn (used for complexity evaluation)
# 0 - too guessable: risky password. (guesses < 10^3)
# 1 - very guessable: protection from throttled online attacks. (guesses < 10^6)
# 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
passwords = ['pass', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}']
min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
let(:email) { 'mail@beta.gouv.fr' }
let(:super_admin) { build(:super_admin, email: email, password: password) }
subject do
super_admin.save
super_admin.errors.full_messages
end
context 'when password is too short' do
let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
it { expect(subject).to eq(["Le mot de passe est trop court"]) }
end
context 'when password is too simple' do
passwords[0..(min_complexity - 1)].each do |password|
let(:password) { password }
it { expect(subject).to eq(["Le mot de passe nest pas assez complexe"]) }
end
end
context 'when password is acceptable' do
let(:password) { passwords[min_complexity] }
it { expect(subject).to eq([]) }
end
end
end