test(auth): cover normalized 2fa recovery codes and status decrement
Some checks are pending
CI / test (push) Has started running
Some checks are pending
CI / test (push) Has started running
This commit is contained in:
@@ -243,3 +243,57 @@ async def test_twofa_recovery_codes_can_login_once(client, db_session):
|
||||
json={"email": payload["email"], "password": payload["password"], "recovery_code": first_code},
|
||||
)
|
||||
assert reuse_recovery_code.status_code == 401
|
||||
|
||||
|
||||
async def test_twofa_recovery_codes_are_normalized_and_decrement_status(client, db_session):
|
||||
payload = {
|
||||
"email": "erin2@example.com",
|
||||
"name": "Erin Two",
|
||||
"username": "erin_two",
|
||||
"password": "strongpass123",
|
||||
}
|
||||
await client.post("/api/v1/auth/register", json=payload)
|
||||
token_row = await db_session.execute(select(EmailVerificationToken).order_by(EmailVerificationToken.id.desc()))
|
||||
verify_token = token_row.scalar_one().token
|
||||
await client.post("/api/v1/auth/verify-email", json={"token": verify_token})
|
||||
|
||||
login_response = await client.post(
|
||||
"/api/v1/auth/login",
|
||||
json={"email": payload["email"], "password": payload["password"]},
|
||||
)
|
||||
assert login_response.status_code == 200
|
||||
access_token = login_response.json()["access_token"]
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
|
||||
setup_response = await client.post("/api/v1/auth/2fa/setup", headers=headers)
|
||||
assert setup_response.status_code == 200
|
||||
secret = setup_response.json()["secret"]
|
||||
|
||||
enable_response = await client.post("/api/v1/auth/2fa/enable", headers=headers, json={"code": _totp_code(secret)})
|
||||
assert enable_response.status_code == 200
|
||||
|
||||
regen_response = await client.post(
|
||||
"/api/v1/auth/2fa/recovery-codes/regenerate",
|
||||
headers=headers,
|
||||
json={"code": _totp_code(secret)},
|
||||
)
|
||||
assert regen_response.status_code == 200
|
||||
codes = regen_response.json()["codes"]
|
||||
assert len(codes) >= 2
|
||||
initial_count = len(codes)
|
||||
first_code = codes[0]
|
||||
|
||||
status_before = await client.get("/api/v1/auth/2fa/recovery-codes/status", headers=headers)
|
||||
assert status_before.status_code == 200
|
||||
assert status_before.json()["remaining_codes"] == initial_count
|
||||
|
||||
normalized_variant = first_code.lower().replace("-", "")
|
||||
login_with_normalized_recovery = await client.post(
|
||||
"/api/v1/auth/login",
|
||||
json={"email": payload["email"], "password": payload["password"], "recovery_code": normalized_variant},
|
||||
)
|
||||
assert login_with_normalized_recovery.status_code == 200
|
||||
|
||||
status_after = await client.get("/api/v1/auth/2fa/recovery-codes/status", headers=headers)
|
||||
assert status_after.status_code == 200
|
||||
assert status_after.json()["remaining_codes"] == initial_count - 1
|
||||
|
||||
Reference in New Issue
Block a user