Class: Booth::Testing::Userland::OnboardingToResetPasskeys

Inherits:
IncorporationTestCase show all
Defined in:
lib/booth/testing/userland/onboarding_to_reset_passkeys.rb

Instance Method Summary collapse

Methods included from Shortcuts

#assert_logged_in, #assert_logged_out, #assert_userland_view, #create_and_onboard, #login_with_passkey, #register_new_passkey, #soft_reset_session, #virtual_authenticators, #visit_namespaced

Instance Method Details

#callObject 



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
# File 'lib/booth/testing/userland/onboarding_to_reset_passkeys.rb', line 7

def call
  before_test&.call

  visit_namespaced controller: :onboardings, action: :show, params: { id: 'wrong-key' }

  # ------------------------------ SIGNIFICANT TEST ---------------------------
  # Onboardings can only be opened with the secret key, typos can be too short.
  # ---------------------------------------------------------------------------
  assert_userland_view controller: :onboardings, step: :not_found

  credential = ::Booth::Models::Credential.create!(
    domain: ::Capybara.app_host.remove('http://'),
    username: 'alice',
    scope:,
  )

  after_credential&.call(credential_id: credential.id)

  temporary_onboarding = ::Booth::Models::Onboarding.create!(
    credential_id: credential.id,
  )

  visit_namespaced controller: :onboardings, action: :show,
                   params: { id: temporary_onboarding.secret_key }

  assert_userland_view controller: :onboardings, step: :redeem
  click_on :submit

  assert_logged_in username: 'alice'

  temporary_onboarding.destroy!
  onboarding = ::Booth::Models::Onboarding.create!(
    credential_id: credential.id,
  )

  visit_namespaced controller: :onboardings, action: :show,
                   params: { id: onboarding.secret_key }

  # ----------------------- SIGNIFICANT TEST ---------------
  # Logged in without Authenticators requires no Onboarding.
  # --------------------------------------------------------
  assert_userland_view controller: :onboardings, step: :not_needed

  virtual_authenticators.create
  visit_namespaced controller: :webauths, action: :new

  assert_userland_view controller: :webauths, step: :register

  click_on :register

  assert_userland_view controller: :webauths, step: :choose_nickname

  fill_in :nickname, with: 'Latchkey'
  click_on :submit

  assert_userland_view controller: :webauths, step: :confirm
  click_on :test

  assert_userland_view controller: :webauths, step: :completed

  authenticator = ::Booth::Models::Authenticator.sole

  assert_equal 'Latchkey', authenticator.nickname

  soft_reset_session

  # Onboard via URL

  visit_namespaced controller: :onboardings, action: :show,
                   params: { id: onboarding.secret_key }

  assert_userland_view controller: :onboardings, step: :redeem

  click_on :submit

  assert_equal 0, ::Booth::Models::Authenticator.count # (Side-effect, so we can avoid sudo)

  visit_namespaced controller: :webauths, action: :new

  # ------------------ SIGNIFICANT TEST -------------------
  # Redeeming an Onboarding allows for adding new Passkeys.
  # -------------------------------------------------------
  assert_userland_view controller: :webauths, step: :register

  click_on :register

  assert_userland_view controller: :webauths, step: :choose_nickname

  fill_in :nickname, with: 'Superkey'
  click_on :submit

  assert_userland_view controller: :webauths, step: :confirm
  click_on :test

  assert_userland_view controller: :webauths, step: :completed

  authenticator = ::Booth::Models::Authenticator.sole

  assert_equal 'Superkey', authenticator.nickname

  travel 2.weeks
  visit_namespaced controller: :onboardings, action: :show,
                   params: { id: onboarding.secret_key }

  # ---------------------- SIGNIFICANT TEST -----------------
  # Cannot open an old Onboarding (even if already consumed).
  # ---------------------------------------------------------
  assert_userland_view controller: :onboardings, step: :timed_out

  ::Booth::Models::Credential.sole.update!(blocked_at: Time.current)

  visit_namespaced controller: :onboardings, action: :show,
                   params: { id: onboarding.secret_key }

  # ---------------------- SIGNIFICANT TEST -----------------
  # Cannot open an old Onboarding when Credential is blocked.
  # ---------------------------------------------------------
  assert_userland_view controller: :onboardings, step: :blocked
end