Refactor validity of token authentication

2022-09-02 14:26:41 +02:00
parent e77223e628
commit b6837e9539
2 changed files with 23 additions and 1 deletions
--- a/spec/features/authentication_spec.rb
+++ b/spec/features/authentication_spec.rb
@ -78,6 +78,25 @@ describe 'Authentication' do
          expect(page).to have_content(I18n.t('application.not_authorized'))
        end
      end
+
+      context 'when the authentication token is used to login' do
+        let(:token) { create(:authentication_token, user: user) }
+
+        it 'invalidates the token on login' do
+          mail.deliver_now
+          visit(rfc_link)
+          expect(token.reload.expire_at).to be_within(10.seconds).of(Time.zone.now)
+        end
+
+        it 'does not allow a second login' do
+          mail.deliver_now
+          visit(rfc_link)
+          expect(page).to have_current_path(rfc_link)
+          visit(sign_out_path)
+          visit(rfc_link)
+          expect(page).to have_current_path(root_path)
+        end
+      end
    end
  end