devise-webauthn/spec/requests/devise/passkey_registration_options_controller_spec.rb at 40a09c9500a66b3740c2a07520a3ef9019d4385e · cedarcode/devise-webauthn · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# frozen_string_literal: true

require "spec_helper"

RSpec.describe Devise::PasskeyRegistrationOptionsController, type: :request do
  let(:user) { Account.create!(email: "test@example.com", password: "password123") }

  describe "GET #index" do
    context "when user is not authenticated" do
      it "redirects to the sign-in page" do
        get account_passkey_registration_options_path
        expect(response).to redirect_to(new_account_session_path)
      end
    end

    context "when user is authenticated" do
      before do
        sign_in user, scope: :account
      end

      it "returns webauthn create options as json and stores the challenge in session" do
        get account_passkey_registration_options_path

        expect(response).to have_http_status(:ok)

        json = response.parsed_body
        expect(json["challenge"]).to be_present

        expect(session[:webauthn_challenge]).to eq(json["challenge"])
      end

      it "generates a new challenge on each request" do
        get account_passkey_registration_options_path
        first_challenge = session[:webauthn_challenge]

        get account_passkey_registration_options_path
        second_challenge = session[:webauthn_challenge]

        expect(first_challenge).to be_present
        expect(second_challenge).to be_present
        expect(second_challenge).not_to eq(first_challenge)
      end
    end
  end
end