diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 39a6d293e..db21f5c7e 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -2,6 +2,9 @@ module Authentication extend ActiveSupport::Concern included do + # Checking for tenant must happen first so we redirect before trying to access the db. + before_action :require_tenant + before_action :set_current_account before_action :require_authentication helper_method :authenticated? @@ -19,6 +22,7 @@ module Authentication end def require_untenanted_access(**options) + skip_before_action :require_tenant, **options skip_before_action :set_current_account, **options skip_before_action :require_authentication, **options before_action :redirect_tenanted_request, **options @@ -30,6 +34,10 @@ module Authentication Current.session.present? end + def require_tenant + ApplicationRecord.current_tenant.present? || request_authentication + end + def require_authentication resume_session || request_authentication end @@ -48,7 +56,7 @@ module Authentication def request_authentication session[:return_to_after_authenticating] = request.url - redirect_to Launchpad.login_url(account: Current.account), allow_other_host: true + redirect_to Launchpad.login_url(product: true, account: Current.account), allow_other_host: true end def after_authentication_url diff --git a/test/controllers/controller_authentication_test.rb b/test/controllers/controller_authentication_test.rb new file mode 100644 index 000000000..5ed34292f --- /dev/null +++ b/test/controllers/controller_authentication_test.rb @@ -0,0 +1,25 @@ +require "test_helper" + +class ControllerAuthenticationTest < ActionDispatch::IntegrationTest + test "access without an account slug redirects to launchpad" do + integration_session.default_url_options[:script_name] = "" # no tenant + + get cards_path + + assert_redirected_to Launchpad.login_url(product: true) + end + + test "access with an account slug but no session redirects to launchpad" do + get cards_path + + assert_redirected_to Launchpad.login_url(product: true, account: Account.sole) + end + + test "access with an account slug and a session allows functional access" do + sign_in_as :kevin + + get cards_path + + assert_response :success + end +end