spec/models/authentication_event_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe AuthenticationEvent do
  describe 'associations' do
    it { is_expected.to belong_to(:user).optional }
  end

  describe 'validations' do
    it { is_expected.to validate_presence_of(:provider) }
    it { is_expected.to validate_presence_of(:user_name) }
    it { is_expected.to validate_presence_of(:result) }

    include_examples 'validates IP address' do
      let(:attribute) { :ip_address }
      let(:object) { create(:authentication_event) }
    end
  end

  describe 'scopes' do
    let_it_be(:ldap_event) { create(:authentication_event, provider: :ldapmain, result: :failed) }
    let_it_be(:google_oauth2) { create(:authentication_event, provider: :google_oauth2, result: :success) }

    describe '.for_provider' do
      it 'returns events only for the specified provider' do
        expect(described_class.for_provider(:ldapmain)).to match_array ldap_event
      end
    end

    describe '.ldap' do
      it 'returns all events for an LDAP provider' do
        expect(described_class.ldap).to match_array ldap_event
      end
    end
  end

  describe '.providers' do
    before do
      allow(Devise).to receive(:omniauth_providers).and_return(%w(ldapmain google_oauth2))
    end

    it 'returns an array of distinct providers' do
      expect(described_class.providers).to match_array %w(ldapmain google_oauth2 standard two-factor two-factor-via-u2f-device two-factor-via-webauthn-device)
    end
  end

  describe '.initial_login_or_known_ip_address?' do
    let_it_be(:user) { create(:user) }
    let_it_be(:ip_address) { '127.0.0.1' }

    subject { described_class.initial_login_or_known_ip_address?(user, ip_address) }

    context 'on first login, when no record exists yet' do
      it { is_expected.to eq(true) }
    end

    context 'on second login from the same ip address' do
      before do
        create(:authentication_event, :successful, user: user, ip_address: ip_address)
      end

      it { is_expected.to eq(true) }
    end

    context 'on second login from another ip address' do
      before do
        create(:authentication_event, :successful, user: user, ip_address: '1.2.3.4')
      end

      it { is_expected.to eq(false) }
    end
  end
end