This adds a Rodauth configuration to the admin site. The Rodauth configuration requires password+WebAuthn authentication. It supports changing passwords, but not resetting passwords, and it does not support creating accounts.

To create an account on the admin site, you need to run the following code in pry:

```ruby
CloverAdmin.create_admin_account("your-user-name")
```

This will create a random password, add the account to the database, and return the password. You can then log in to the admin site using the username and password, after which you will be prompted to set up WebAuthn authentication. After setting up WebAuthn authentication, you can change your password (alternatively, pass a password of your choice as a second argument to CloverAdmin.create_admin_account).

It took me a while to figure out that you need to use Capybara.default_host= to set the host name; otherwise, you get broken behavior when using visit. Since that should only be set for requests to the admin site, this sets the default_host back to the default in the after hook.
# frozen_string_literal: true
require_relative "../spec_helper"
require "webauthn/fake_client"
RSpec.configure do |config|
  # Tag every spec file under spec/routes/web/admin/ with :clover_admin so
  # the before hook below can tell admin-site examples from the rest.
  admin_spec_dir = %r{\A\./spec/routes/web/admin/}
  config.define_derived_metadata(file_path: admin_spec_dir) do |meta|
    meta[:clover_admin] = true
  end

  # Admin-site examples are driven against the admin host name.
  # NOTE(review): this file only sets Capybara.default_host; no hook here
  # restores it. Confirm an after hook elsewhere resets the value so the
  # admin host does not carry over into non-admin examples.
  config.before do |ex|
    if ex.metadata[:clover_admin]
      Capybara.default_host = "http://admin.ubicloud.com"
    end
  end

  admin_helpers = Module.new do
    # Fake WebAuthn authenticator, memoized per example instance so the
    # credential created during setup can be reused for later assertions.
    #
    # The origin passed here is the same string the before hook assigns to
    # Capybara.default_host.
    # NOTE(review): presumably the two must stay identical for the server's
    # WebAuthn origin check to accept the fake client -- confirm, and change
    # both together.
    def admin_webauthn_client
      @admin_webauthn_client ||= WebAuthn::FakeClient.new("http://admin.ubicloud.com")
    end

    # Creates the "admin" account with +password+, visits "/", submits the
    # login form, then registers a WebAuthn credential for the account.
    def admin_account_setup_and_login(password: TEST_USER_PASSWORD)
      CloverAdmin.create_admin_account("admin", password)
      visit "/"
      admin_login(password: password)
      admin_webauthn_auth_setup(password: password)
    end

    # Fills in and submits the login form as "admin" with +password+.
    def admin_login(password: TEST_USER_PASSWORD)
      fill_in "Login", with: "admin"
      fill_in "Password", with: password
      click_button "Login"
    end

    # Completes the WebAuthn setup form: reads the challenge from the form's
    # data-credential-options attribute, re-enters +password+, submits the
    # fake client's response to that challenge and expects the success flash.
    def admin_webauthn_auth_setup(password: TEST_USER_PASSWORD)
      setup_form = page.find_by_id("webauthn-setup-form")
      credential_options = JSON.parse(setup_form["data-credential-options"])
      challenge = credential_options["challenge"]

      fill_in "Password", with: password
      new_credential = admin_webauthn_client.create(challenge: challenge)
      fill_in "webauthn_setup", with: new_credential.to_json
      click_button "Setup WebAuthn Authentication"

      expect(page).to have_flash_notice("WebAuthn authentication is now setup")
    end

    # Completes the WebAuthn authentication form: reads the challenge from
    # the form's data-credential-options attribute and submits the fake
    # client's response to it. Makes no assertion about the outcome.
    def admin_webauthn_auth
      auth_form = page.find_by_id("webauthn-auth-form")
      credential_options = JSON.parse(auth_form["data-credential-options"])
      challenge = credential_options["challenge"]

      assertion = admin_webauthn_client.get(challenge:)
      fill_in "webauthn_auth", with: assertion.to_json
      click_button "Authenticate Using WebAuthn"
    end
  end

  config.include(admin_helpers)
end