Merge pull request #165 from joel/improve-tests

Minor fix and increase test coverage.
cedarcode · Oct 14, 2024 · e75980f · e75980f
2 parents 9f00511 + 321a43d
commit e75980f
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 7 deletions.
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
@@ -31,19 +31,19 @@ def create
   def callback
     webauthn_credential = WebAuthn::Credential.from_create(params)
 
-    user = User.create!(session[:current_registration]["user_attributes"])
+    user = User.new(session[:current_registration]["user_attributes"])
 
     begin
       webauthn_credential.verify(session[:current_registration]["challenge"], user_verification: true)
 
-      credential = user.credentials.build(
+      user.credentials.build(
         external_id: Base64.strict_encode64(webauthn_credential.raw_id),
         nickname: params[:credential_nickname],
         public_key: webauthn_credential.public_key,
         sign_count: webauthn_credential.sign_count
       )
 
-      if credential.save
+      if user.save
         sign_in(user)
 
         render json: { status: "ok" }, status: :ok

diff --git a/test/controllers/registrations_controller_test.rb b/test/controllers/registrations_controller_test.rb
@@ -55,12 +55,41 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
       ]
     )
 
-    post(
-      callback_registration_url,
-      params: { credential_nickname: "USB Key" }.merge(public_key_credential)
-    )
+    assert_no_difference -> { User.count } do
+      post(
+        callback_registration_url,
+        params: { credential_nickname: "USB Key" }.merge(public_key_credential)
+      )
+    end
 
     assert_response :unprocessable_entity
     assert_equal "Couldn't register your Security Key", response.body
   end
+
+  test "should register successfully" do
+    raw_challenge = SecureRandom.random_bytes(32)
+    challenge = WebAuthn.configuration.encoder.encode(raw_challenge)
+
+    WebAuthn::PublicKeyCredential::CreationOptions.stub_any_instance(:raw_challenge, raw_challenge) do
+      post registration_url, params: { registration: { username: "alice" }, format: :json }
+
+      assert_response :success
+    end
+
+    public_key_credential =
+      WebAuthn::FakeClient
+      .new(Rails.configuration.webauthn_origin)
+      .create(challenge:, user_verified: true)
+
+    assert_difference 'User.count', +1 do
+      assert_difference 'Credential.count', +1 do
+        post(
+          callback_registration_url,
+          params: { credential_nickname: "USB Key" }.merge(public_key_credential)
+        )
+      end
+    end
+
+    assert_response :success
+  end
 end