Confirm User#login_activities in auth/sessions spec (#35372)

2025-07-15 02:31:00 -04:00
parent 1637297085
commit 30344d6abf
6 changed files with 36 additions and 21 deletions
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@@ -100,11 +100,14 @@ RSpec.describe Auth::SessionsController do
      let(:user) { Fabricate(:user, email: 'foo@bar.com', password: 'abcdefgh') }

      context 'when using a valid password' do
-        before do
+        subject do
          post :create, params: { user: { email: user.email, password: user.password } }
        end

        it 'redirects to home and logs the user in' do
+          expect { subject }
+            .to change(user.login_activities.where(success: true), :count).by(1)
+
          expect(response).to redirect_to(root_path)

          expect(controller.current_user).to eq user
@@ -265,10 +268,9 @@ RSpec.describe Auth::SessionsController do

          it 'does not log the user in, sets a flash message, and sends a suspicious sign in email', :inline_jobs do
            emails = capture_emails do
-              Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
-                post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
-                expect(controller.current_user).to be_nil
-              end
+              expect { process_maximum_two_factor_attempts }
+                .to change(user.login_activities.where(success: false), :count).by(1)
+
              post :create, params: { user: { otp_attempt: user.current_otp } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
            end

@@ -286,6 +288,13 @@ RSpec.describe Auth::SessionsController do
                subject: eq(I18n.t('user_mailer.failed_2fa.subject'))
              )
          end
+
+          def process_maximum_two_factor_attempts
+            Auth::SessionsController::MAX_2FA_ATTEMPTS_PER_HOUR.times do
+              post :create, params: { user: { otp_attempt: '1234' } }, session: { attempt_user_id: user.id, attempt_user_updated_at: user.updated_at.to_s }
+              expect(controller.current_user).to be_nil
+            end
+          end
        end

        context 'when using a valid OTP' do