spec for enable/disable two_factor_authentication

app/controllers/application_controller.rb

@@ -36,11 +36,15 @@ def require_no_user
   end
 
   def require_two_factor
-    return false unless current_user
-    # TODO: return if request_ip matches LAN
+    return false unless current_user && two_factor_required?
     redirect_to confirm_url, :notice => "Session needs confirmation token" unless two_factor_confirmed?
   end
 
+  def two_factor_required?
+    # TODO: check request_ip matches LAN
+    true
+  end
+
   # NOTE:
   # 'two_factor_confirmed?' doesn't persist with "remember_me", it dies
   # with the session.

app/controllers/user_sessions_controller.rb

@@ -13,7 +13,11 @@ def create
     @user_session = UserSession.new(params[:user_session])
     if @user_session.save
       flash[:notice] = "Login successful!"
-      redirect_back '/'
+      if two_factor_required?
+        redirect_to confirm_url
+      else
+        redirect_back '/'
+      end
     else
       render :action => :new
     end

app/views/welcome/index.html.erb

@@ -4,5 +4,5 @@
   <p>You are authorized</p>
 <% else -%>
   <p>You need authorization to go beyond this page.  Please login.</p>
-   <%= link_to "Login", new_user_session_path %></li>
+   <%= link_to "Login", login_url %></li>
 <% end -%>

spec/controllers/user_sessions_controller_spec.rb

@@ -36,19 +36,45 @@
   end
 
   describe "session management" do
-    it "should redirect to the root page on successful login" do
-      user = find_or_create_user("user")
-      post :create, :user_session => { :login => 'user', :password => 'user' }
-      user_session = UserSession.find
-      user_session.should_not be_nil
-      user_session.record.should == user
-      response.should redirect_to('/')
+    context "without two factor authentication" do
+
+      before :each do
+        controller.stub!(:two_factor_required?).and_return(false)
+      end
+
+      it "should redirect to the root page on successful login" do
+        user = find_or_create_user("user")
+        post :create, :user_session => { :login => 'user', :password => 'user' }
+        user_session = UserSession.find
+        user_session.should_not be_nil
+        user_session.record.should == user
+        response.should redirect_to('/')
+      end
+
+      it "should redirect to the login page on session deletion" do
+        login_as(:user)
+        post :destroy
+        response.should redirect_to(login_path)
+      end
     end
 
-    it "should redirect to the login page on session deletion" do
-      login_as(:user)
-      post :destroy
-      response.should redirect_to(login_path)
+    context "with two factor authentication" do
+
+      before :each do
+        controller.stub!(:two_factor_required?).and_return(true)
+      end
+
+      it "should redirect to the confirmation page on successful login" do
+        user = find_or_create_user("user")
+        post :create, :user_session => { :login => 'user', :password => 'user' }
+        user_session = UserSession.find
+        user_session.should_not be_nil
+        user_session.record.should == user
+        response.should redirect_to(confirm_url)
+      end
     end
+
   end
+
+
 end

spec/support/auth_helper.rb

@@ -16,12 +16,16 @@ def find_or_create_user(user_login, options = {})
     user
   end
 
-  def login_as(user_login)
+  def login_as(user_login, options={:two_factor_confirm => true})
     activate_authlogic
     user = find_or_create_user(user_login)
     UserSession.create(user)
-    session[:two_factor_confirmed] = Time.now.utc.to_s(:db)
+    two_factor_confirm if options[:two_factor_confirm]
     user
   end
+
+  def two_factor_confirm
+    session[:two_factor_confirmed] = Time.now.utc.to_s(:db)
+  end
 end