Sha256: a3afc01e8dabfd8259118f671a2160104696fc0e89b0f17070becde753ec4ca1

Contents?: true

Size: 1.28 KB

Versions: 4

Compression:

Stored size: 1.28 KB

Contents

require 'spec_helper'

describe SorceryController, type: :controller do
  let(:user) { double('user', id: 42, email: 'bla@bla.com') }

  def request_test_login
    get :test_login, params: { email: 'bla@bla.com', password: 'blabla' }
  end

  # ----------------- SESSION TIMEOUT -----------------------
  describe 'brute force protection features' do
    before(:all) do
      sorcery_reload!([:brute_force_protection])
    end

    after(:each) do
      Sorcery::Controller::Config.reset!
      sorcery_controller_property_set(:user_class, User)
      Timecop.return
    end

    it 'counts login retries' do
      allow(User).to receive(:authenticate)
      allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)

      expect(user).to receive(:register_failed_login!).exactly(3).times

      3.times { request_test_login }
    end

    it 'resets the counter on a good login' do
      # dirty hack for rails 4
      allow(@controller).to receive(:register_last_activity_time_to_db)

      allow(User).to receive(:authenticate).and_return(user)
      expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)

      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
sorcery-0.10.3 spec/controllers/controller_brute_force_protection_spec.rb
sorcery-0.10.2 spec/controllers/controller_brute_force_protection_spec.rb
sorcery-0.10.1 spec/controllers/controller_brute_force_protection_spec.rb
sorcery-0.10.0 spec/controllers/controller_brute_force_protection_spec.rb