demarches-normaliennes/spec/models/super_admin_spec.rb
2024-09-16 15:28:14 +02:00

110 lines
3.8 KiB
Ruby
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# frozen_string_literal: true
describe SuperAdmin, type: :model do
describe '#invite_admin' do
let(:super_admin) { create :super_admin }
let(:valid_email) { 'paul@tps.fr' }
subject { super_admin.invite_admin(valid_email) }
it {
user = subject
expect(user.errors).to be_empty
expect(user).to be_persisted
}
it { expect(super_admin.invite_admin(nil).errors).not_to be_empty }
it { expect(super_admin.invite_admin('toto').errors).not_to be_empty }
it 'creates a corresponding user account for the email' do
subject
user = User.find_by(email: valid_email)
expect(user).to be_present
end
it 'creates a corresponding instructeur account for the email' do
subject
instructeur = Instructeur.by_email(valid_email)
expect(instructeur).to be_present
end
context 'when there already is a user account with the same email' do
before { create(:user, email: valid_email) }
it 'still creates an admin account' do
expect(subject.errors).to be_empty
expect(subject).to be_persisted
end
end
end
describe 'enable_otp!' do
let(:super_admin) { create(:super_admin, otp_required_for_login: false) }
let(:subject) { super_admin.enable_otp! }
it 'updates otp_required_for_login' do
expect { subject }.to change { super_admin.otp_required_for_login? }.from(false).to(true)
end
it 'updates otp_secret' do
expect { subject }.to change { super_admin.otp_secret }
end
end
describe 'disable_otp!' do
let(:super_admin) { create(:super_admin, otp_required_for_login: true) }
let(:subject) { super_admin.disable_otp! }
it 'updates otp_required_for_login' do
expect { subject }.to change { super_admin.otp_required_for_login? }.from(true).to(false)
end
it 'nullifies otp_secret' do
super_admin.enable_otp!
expect(super_admin.reload.otp_secret).not_to be_nil
super_admin.disable_otp!
expect(super_admin.reload.otp_secret).to be_nil
end
end
describe '#password_complexity' do
# This password list is sorted by password complexity, according to zxcvbn (used for complexity evaluation)
# 0 - too guessable: risky password. (guesses < 10^3)
# 1 - very guessable: protection from throttled online attacks. (guesses < 10^6)
# 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
passwords = ['000000000000', '123456789123', 'megapass2024', 'lesdémarches', '{My-$3cure-p4ssWord}']
min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
let(:email) { 'mail@beta.gouv.fr' }
let(:super_admin) { build(:super_admin, email: email, password: password) }
subject do
super_admin.valid?
super_admin.errors.full_messages
end
context 'when the password is too short' do
let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
it 'reports an error about password length (but not about complexity)' do
expect(subject).to eq(["Le champ « Mot de passe » est trop court. Saisir un mot de passe avec au moins 12 caractères"])
end
end
passwords[0..(min_complexity - 1)].each do |simple_password|
context 'when the password is long enough, but too simple' do
let(:password) { simple_password }
it { expect(subject).to eq(["Le champ « Mot de passe » nest pas assez complexe. Saisir un mot de passe plus complexe"]) }
end
end
context 'when the password is long and complex' do
let(:password) { passwords[min_complexity] }
it { expect(subject).to be_empty }
end
end
end