Module: Booth::Testing::Userland::SessionsManageBehavior

Includes:
Logging
Included in:
SessionsRevokeAllOthers, SessionsRevokeOne
Defined in:
lib/booth/testing/userland/sessions_manage_behavior.rb

Instance Method Summary collapse

Instance Method Details

#run(button_name:, template:) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
# File 'lib/booth/testing/userland/sessions_manage_behavior.rb', line 9

def run(button_name:, template:)
  before_test&.call

  create_and_onboard(username: 'alice')
  latchkey = virtual_authenticators.create
  register_new_passkey(username: 'alice')

  # Capture credentials after registration
  latchkey.pull

  using_session(:"second_browser_#{button_name}") do
    virtual_authenticators.import(latchkey)
    (username: 'alice')

    # Capture updated sign count from second browser
    latchkey.pull

    visit_namespaced controller: :sessions, action: :index

    assert_userland_view controller: :sessions, step: :index
    click_on button_name

    # ----------------- SIGNIFICANT TEST -------------------
    # Revoking another sessions keeps the current one alive.
    # ------------------------------------------------------
    assert_logged_in username: 'alice'
  end

  visit current_path

  # Refresh to force session validation with server
  page.refresh

  # ----------- SIGNIFICANT TEST ---------------
  # A revoked session is not logged in any more.
  # --------------------------------------------
  assert_logged_out

  # Sync sign count from second browser to first browser
  latchkey.push

  # Login on first device again and revoke all others
  (username: 'alice')

  visit_namespaced controller: :sessions, action: :index

  assert_userland_view controller: :sessions, step: :index
  travel 21.minutes
  visit_namespaced controller: :sessions, action: :index

  assert_userland_view controller: :sessions, step: :index
  click_on button_name

  assert_userland_view controller: :sessions, step: template
  click_on :authenticate

  assert_userland_view controller: :sessions, step: :index

  using_session(:"second_browser_#{button_name}") do
    visit_namespaced controller: :sessions, action: :index

    # ----------- SIGNIFICANT TEST ---------------
    # A revoked session is not logged in any more.
    # --------------------------------------------
    assert_logged_out
  end
end