Skip to content

Commit

Permalink
Update test.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Joerger
Joerger committed Oct 15, 2024
1 parent dc536fc commit 9e5d6f7
Showing 1 changed file with 41 additions and 21 deletions.
62 changes: 41 additions & 21 deletions lib/auth/grpcserver_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -464,25 +464,6 @@ func TestDeletingLastPasswordlessDevice(t *testing.T) {
)
},
},
{
// TODO(Joerger): the user may already be locked out from login if a password
// is not set and passwordless is disabled. Prevent them from deleting
// their last passkey to prevent them from being locked out further,
// in the case of passwordless being re-enabled.
name: "succeeds when passwordless is off",
setup: func(t *testing.T, _ string, _ *authclient.Client, _ *TestDevice) {
authPref, err := authServer.GetAuthPreference(ctx)
require.NoError(t, err, "GetAuthPreference")

// Turn off passwordless authentication.
authPref.SetAllowPasswordless(false)
// Set second factor optional so that the user can delete their last MFA device.
authPref.SetSecondFactor(constants.SecondFactorOptional)
_, err = authServer.UpsertAuthPreference(ctx, authPref)
require.NoError(t, err, "UpsertAuthPreference")
},
checkErr: require.NoError,
},
{
name: "OK extra passwordless device",
setup: func(t *testing.T, username string, userClient *authclient.Client, pwdlessDev *TestDevice) {
Expand Down Expand Up @@ -535,7 +516,13 @@ func TestDeletingLastPasswordlessDevice(t *testing.T) {
err := authServer.UpsertPassword(username, []byte("living on the edge"))
require.NoError(t, err, "UpsertPassword")
},
checkErr: require.Error,
checkErr: func(t require.TestingT, err error, _ ...any) {
require.ErrorContains(t,
err,
"cannot delete last passwordless credential for user",
"Unexpected error deleting last passwordless device",
)
},
},
{
name: "NOK other MFAs, but no password set",
Expand All @@ -544,7 +531,40 @@ func TestDeletingLastPasswordlessDevice(t *testing.T) {
ctx, userClient, "another-dev", proto.DeviceType_DEVICE_TYPE_TOTP, pwdlessDev, WithTestDeviceClock(clock))
require.NoError(t, err, "RegisterTestDevice")
},
checkErr: require.Error,
checkErr: func(t require.TestingT, err error, _ ...any) {
require.ErrorContains(t,
err,
"cannot delete last passwordless credential for user",
"Unexpected error deleting last passwordless device",
)
},
},
{
// TODO(Joerger): the user may already be locked out from login if a password
// is not set and passwordless is disabled. Prevent them from deleting
// their last passkey to prevent them from being locked out further,
// in the case of passwordless being re-enabled.
name: "NOK other MFAs, but no password set, passwordless is off",
setup: func(t *testing.T, _ string, userClient *authclient.Client, pwdlessDev *TestDevice) {
// Register a non-passwordless device without adding a password.
_, err := RegisterTestDevice(ctx, userClient, "another-dev", proto.DeviceType_DEVICE_TYPE_TOTP, pwdlessDev, WithTestDeviceClock(clock))
require.NoError(t, err, "RegisterTestDevice")

authPref, err := authServer.GetAuthPreference(ctx)
require.NoError(t, err, "GetAuthPreference")

// Turn off passwordless authentication.
authPref.SetAllowPasswordless(false)
_, err = authServer.UpsertAuthPreference(ctx, authPref)
require.NoError(t, err, "UpsertAuthPreference")
},
checkErr: func(t require.TestingT, err error, _ ...any) {
require.ErrorContains(t,
err,
"cannot delete last passwordless credential for user",
"Unexpected error deleting last passwordless device",
)
},
},
}

Expand Down

0 comments on commit 9e5d6f7

Please sign in to comment.