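# frozen_string_literal: true

require "feature_spec_helper"

module NulogySSO
  # Feature coverage for the SSO login flow and for JWT-based access to
  # secured endpoints. Auth0 is stood in for by TestUtilities::AuthMock;
  # tokens are minted by TestUtilities::TestHelper.
  RSpec.describe "the SSO login process", type: :feature, js: true do
    let(:email) { "test@nulogy.com" }
    let(:auth_mock) { TestUtilities::AuthMock.new }
    let(:test_helper) { TestUtilities::TestHelper.new }

    describe "login flow" do
      it "can successfully login" do
        auth_mock.setup(email: email, redirect_path: "/hello_world")
        create_user

        visit "/hello_world"

        expect(page).to have_content("Hello World")
      end

      it "shows an error page when the user can authorize with Auth0 but not exist in the app" do
        # Deliberately no create_user: the identity provider accepts the
        # login, but the application has no matching account.
        auth_mock.setup(email: email)

        visit "/hello_world"

        expect(page).to have_content("An SSO error has occurred :(")
      end

      it "shows an error page when Auth0 throws an error" do
        auth_mock.setup(email: email, status_code: 403)
        create_user

        visit "/hello_world"

        expect(page).to have_content("An SSO error has occurred :(")
      end
    end

    describe "JWT authentication" do
      let!(:user) { create_user }

      before do
        auth_mock.mockserver_reset
        # setup_jwks presumably publishes the key set the app verifies token
        # signatures against -- confirm in TestUtilities::AuthMock.
        auth_mock.setup_jwks
        # have to visit an unauthenticated endpoint in order for capybara to have something to have a tab to set the cookie on
        visit "/robots.txt"
      end

      it "allows a user with a valid JWT to visit a secured endpoint" do
        set_access_token_cookie(test_helper.jwt(email))

        visit "/hello_world"

        expect(page).to have_content("Hello World")
      end

      it "prevents sessions with invalid JWTs from accessing secured endpoints" do
        # Expired token: correctly signed, only the exp claim should reject it.
        set_access_token_cookie(test_helper.jwt(email, "exp" => (Time.now - 1.day).to_i))

        visit "/hello_world"

        expect(current_path).to eq("/authorize")
      end

      it "prevents sessions with malformed JWTs from accessing secured endpoints" do
        # A constructed value that does not parse as a JWT at all; it must be
        # handled exactly like a missing token (redirect to /authorize), never
        # surface as an error page or an authenticated session.
        set_access_token_cookie("not.a.jwt")

        visit "/hello_world"

        expect(current_path).to eq("/authorize")
      end

      it "prevents sessions with no JWT from accessing secured endpoints" do
        visit "/hello_world"

        expect(current_path).to eq("/authorize")
      end

      # Sets the application's auth cookie directly in the browser so a request
      # can be made with an arbitrary token, bypassing the interactive login.
      def set_access_token_cookie(token)
        page.driver.browser.manage.add_cookie(name: NulogySSO.auth_cookie_key, value: token)
      end
    end

    # Creates the application account that the SSO identity is matched against.
    def create_user
      User.create!(email: email)
    end
  end
end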