# frozen_string_literal: true require 'rails_helper' RSpec.describe Users::SessionsController, type: :controller do describe 'POST #create' do before do @request.env['devise.mapping'] = Devise.mappings[:user] end let(:user) { create :user } let(:password) { 'asdf1243' } let(:params) do { user: { email: user.email, password: password } } end let(:action) do post :create, params: params end context 'when have invalid email or password' do let(:password) { '123' } it 'returns error message' do action expect(flash[:alert]).to eq('Invalid Email or password.') end it 'does not set current user' do expect { action }.not_to(change { subject.current_user }) end end context 'when have valid email and password' do context 'when user has 2FA disabled' do it 'returns successfully log in' do action expect(flash[:notice]).to eq('Logged in successfully.') end it 'sets current user' do expect { action }.to(change { subject.current_user }.from(nil).to(User)) end end context 'when user has 2FA enabled' do it 'renders 2FA page' do user.two_factor_auth_enabled = true user.save! expect(action).to render_template('users/sessions/two_factor_auth') end end end end describe 'POST #authenticate_with_two_factor' do before do @request.env['devise.mapping'] = Devise.mappings[:user] end let(:user) { create :user } let(:params) { { otp: '123123' } } let(:otp_user_id) { user.id } let(:action) do post :authenticate_with_two_factor, params: params, session: { otp_user_id: otp_user_id } end context 'when have valid otp' do it 'sets current user' do allow_any_instance_of(User).to receive(:valid_otp?).and_return(true) expect { action }.to(change { subject.current_user }.from(nil).to(User)) end end context 'when have invalid valid otp' do it 'returns error message' do allow_any_instance_of(User).to receive(:valid_otp?).and_return(nil) action expect(flash[:alert]).to eq(I18n.t('devise.sessions.2fa.error_message')) end it 'does not set current user' do allow_any_instance_of(User).to receive(:valid_otp?).and_return(nil) expect { action }.not_to(change { subject.current_user }) end end context 'when user is not found' do let(:otp_user_id) { -1 } it 'returns error message' do action expect(flash[:alert]).to eq('Cannot find user!') end end end end