Untenanted access in authenticated controllers should request auth

This commit is contained in:
Mike Dalessio
2025-07-03 09:58:40 -04:00
parent a268a5f00b
commit 0c341d14e1
2 changed files with 34 additions and 1 deletions
+9 -1
View File
@@ -2,6 +2,9 @@ module Authentication
extend ActiveSupport::Concern
included do
# Checking for tenant must happen first so we redirect before trying to access the db.
before_action :require_tenant
before_action :set_current_account
before_action :require_authentication
helper_method :authenticated?
@@ -19,6 +22,7 @@ module Authentication
end
def require_untenanted_access(**options)
skip_before_action :require_tenant, **options
skip_before_action :set_current_account, **options
skip_before_action :require_authentication, **options
before_action :redirect_tenanted_request, **options
@@ -30,6 +34,10 @@ module Authentication
Current.session.present?
end
def require_tenant
ApplicationRecord.current_tenant.present? || request_authentication
end
def require_authentication
resume_session || request_authentication
end
@@ -48,7 +56,7 @@ module Authentication
def request_authentication
session[:return_to_after_authenticating] = request.url
redirect_to Launchpad.login_url(account: Current.account), allow_other_host: true
redirect_to Launchpad.login_url(product: true, account: Current.account), allow_other_host: true
end
def after_authentication_url
@@ -0,0 +1,25 @@
require "test_helper"
class ControllerAuthenticationTest < ActionDispatch::IntegrationTest
test "access without an account slug redirects to launchpad" do
integration_session.default_url_options[:script_name] = "" # no tenant
get cards_path
assert_redirected_to Launchpad.login_url(product: true)
end
test "access with an account slug but no session redirects to launchpad" do
get cards_path
assert_redirected_to Launchpad.login_url(product: true, account: Account.sole)
end
test "access with an account slug and a session allows functional access" do
sign_in_as :kevin
get cards_path
assert_response :success
end
end