Untenanted access in authenticated controllers should request auth
This commit is contained in:
@@ -2,6 +2,9 @@ module Authentication
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
# Checking for tenant must happen first so we redirect before trying to access the db.
|
||||
before_action :require_tenant
|
||||
|
||||
before_action :set_current_account
|
||||
before_action :require_authentication
|
||||
helper_method :authenticated?
|
||||
@@ -19,6 +22,7 @@ module Authentication
|
||||
end
|
||||
|
||||
def require_untenanted_access(**options)
|
||||
skip_before_action :require_tenant, **options
|
||||
skip_before_action :set_current_account, **options
|
||||
skip_before_action :require_authentication, **options
|
||||
before_action :redirect_tenanted_request, **options
|
||||
@@ -30,6 +34,10 @@ module Authentication
|
||||
Current.session.present?
|
||||
end
|
||||
|
||||
def require_tenant
|
||||
ApplicationRecord.current_tenant.present? || request_authentication
|
||||
end
|
||||
|
||||
def require_authentication
|
||||
resume_session || request_authentication
|
||||
end
|
||||
@@ -48,7 +56,7 @@ module Authentication
|
||||
def request_authentication
|
||||
session[:return_to_after_authenticating] = request.url
|
||||
|
||||
redirect_to Launchpad.login_url(account: Current.account), allow_other_host: true
|
||||
redirect_to Launchpad.login_url(product: true, account: Current.account), allow_other_host: true
|
||||
end
|
||||
|
||||
def after_authentication_url
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
require "test_helper"
|
||||
|
||||
class ControllerAuthenticationTest < ActionDispatch::IntegrationTest
|
||||
test "access without an account slug redirects to launchpad" do
|
||||
integration_session.default_url_options[:script_name] = "" # no tenant
|
||||
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to Launchpad.login_url(product: true)
|
||||
end
|
||||
|
||||
test "access with an account slug but no session redirects to launchpad" do
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to Launchpad.login_url(product: true, account: Account.sole)
|
||||
end
|
||||
|
||||
test "access with an account slug and a session allows functional access" do
|
||||
sign_in_as :kevin
|
||||
|
||||
get cards_path
|
||||
|
||||
assert_response :success
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user