From 05d176cc314026a78b7f07ca2b8e311c35b79e83 Mon Sep 17 00:00:00 2001 From: Kevin McConnell Date: Thu, 11 Dec 2025 12:49:03 +0000 Subject: [PATCH] Test that sign in respects single tenant state --- test/controllers/sessions_controller_test.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 7ebe4d518..f1d6b65c9 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -36,6 +36,21 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest end end + test "create for a new user when single tenant mode already has a tenant" do + with_multi_tenant_mode(false) do + untenanted do + assert_no_difference -> { MagicLink.count } do + assert_no_difference -> { Identity.count } do + post session_path, + params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" } + end + end + + assert_redirected_to session_magic_link_path + end + end + end + test "create with invalid email address" do # Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form # field validation that should normally prevent this from occurring, so I'm not worried about