Restructure omni services and add Chatwoot research snapshot

2026-02-21 11:11:27 +07:00
parent edea7a0034
commit b73babbbf6
7732 changed files with 978203 additions and 32 deletions
--- a/research/chatwoot/spec/services/mfa/authentication_service_spec.rb
+++ b/research/chatwoot/spec/services/mfa/authentication_service_spec.rb
@@ -0,0 +1,106 @@
+require 'rails_helper'
+
+describe Mfa::AuthenticationService do
+  before do
+    skip('Skipping since MFA is not configured in this environment') unless Chatwoot.encryption_configured?
+    user.enable_two_factor!
+    user.update!(otp_required_for_login: true)
+  end
+
+  let(:user) { create(:user) }
+
+  describe '#authenticate' do
+    context 'with OTP code' do
+      context 'when OTP is valid' do
+        it 'returns true' do
+          valid_otp = user.current_otp
+          service = described_class.new(user: user, otp_code: valid_otp)
+          expect(service.authenticate).to be_truthy
+        end
+      end
+
+      context 'when OTP is invalid' do
+        it 'returns false' do
+          service = described_class.new(user: user, otp_code: '000000')
+          expect(service.authenticate).to be_falsey
+        end
+      end
+
+      context 'when OTP is nil' do
+        it 'returns false' do
+          service = described_class.new(user: user, otp_code: nil)
+          expect(service.authenticate).to be_falsey
+        end
+      end
+    end
+
+    context 'with backup code' do
+      let(:backup_codes) { user.generate_backup_codes! }
+
+      context 'when backup code is valid' do
+        it 'returns true and invalidates the code' do
+          valid_code = backup_codes.first
+          service = described_class.new(user: user, backup_code: valid_code)
+
+          expect(service.authenticate).to be_truthy
+
+          # Code should be invalidated after use
+          user.reload
+          expect(user.otp_backup_codes).to include('XXXXXXXX')
+        end
+      end
+
+      context 'when backup code is invalid' do
+        it 'returns false' do
+          service = described_class.new(user: user, backup_code: 'invalid')
+          expect(service.authenticate).to be_falsey
+        end
+      end
+
+      context 'when backup code has already been used' do
+        it 'returns false' do
+          valid_code = backup_codes.first
+          # Use the code once
+          service = described_class.new(user: user, backup_code: valid_code)
+          service.authenticate
+
+          # Try to use it again
+          service2 = described_class.new(user: user.reload, backup_code: valid_code)
+          expect(service2.authenticate).to be_falsey
+        end
+      end
+    end
+
+    context 'with neither OTP nor backup code' do
+      it 'returns false' do
+        service = described_class.new(user: user)
+        expect(service.authenticate).to be_falsey
+      end
+    end
+
+    context 'when user is nil' do
+      it 'returns false' do
+        service = described_class.new(user: nil, otp_code: '123456')
+        expect(service.authenticate).to be_falsey
+      end
+    end
+
+    context 'when both OTP and backup code are provided' do
+      it 'uses OTP authentication first' do
+        valid_otp = user.current_otp
+        backup_codes = user.generate_backup_codes!
+
+        service = described_class.new(
+          user: user,
+          otp_code: valid_otp,
+          backup_code: backup_codes.first
+        )
+
+        expect(service.authenticate).to be_truthy
+        # Backup code should not be consumed
+        user.reload
+        expect(user.otp_backup_codes).not_to include('XXXXXXXX')
+      end
+    end
+  end
+end