diff --git a/app/controllers/join_codes_controller.rb b/app/controllers/join_codes_controller.rb index 972420439..4bd5293ea 100644 --- a/app/controllers/join_codes_controller.rb +++ b/app/controllers/join_codes_controller.rb @@ -2,6 +2,7 @@ class JoinCodesController < ApplicationController require_untenanted_access allow_unauthenticated_access before_action :set_join_code + before_action :ensure_join_code_is_valid def new @account_name = ApplicationRecord.with_tenant(tenant) { Account.sole.name } @@ -14,10 +15,15 @@ class JoinCodesController < ApplicationController identity.send_magic_link end + session[:return_to_after_authenticating] = root_url(script_name: "/#{tenant}") redirect_to session_magic_link_path end private + def ensure_join_code_is_valid + head :not_found unless @join_code&.active? + end + def set_join_code @join_code ||= ApplicationRecord.with_tenant(tenant) { Account::JoinCode.active.find_by(code: code) } end diff --git a/test/controllers/join_codes_controller_test.rb b/test/controllers/join_codes_controller_test.rb new file mode 100644 index 000000000..de8c5daa5 --- /dev/null +++ b/test/controllers/join_codes_controller_test.rb @@ -0,0 +1,62 @@ +require "test_helper" + +class JoinCodesControllerTest < ActionDispatch::IntegrationTest + setup do + @tenant = ApplicationRecord.current_tenant + @join_code = account_join_codes(:sole) + end + + test "new" do + untenanted do + get join_path(tenant: @tenant, code: @join_code.code) + end + + assert_response :success + assert_in_body "37signals" + end + + test "new with an invalid code" do + untenanted do + get join_path(tenant: @tenant, code: "INVALID-CODE") + end + + assert_response :not_found + end + + test "new with an inactive code" do + @join_code.update!(usage_count: @join_code.usage_limit) + + untenanted do + get join_path(tenant: @tenant, code: @join_code.code) + end + + assert_response :not_found + end + + test "create" do + untenanted do + assert_difference -> { Identity.count }, 1 do + assert_difference -> { Membership.count }, 1 do + post join_path(tenant: @tenant, code: @join_code.code), params: { email_address: "new_user@example.com" } + end + end + + assert_redirected_to session_magic_link_path + assert_equal root_url(script_name: "/#{@tenant}"), session[:return_to_after_authenticating] + end + end + + test "create for existing identity" do + identity = identities(:jz) + + untenanted do + assert_no_difference -> { Identity.count } do + assert_difference -> { Membership.count }, 1 do + post join_path(tenant: @tenant, code: @join_code.code), params: { email_address: identity.email_address } + end + end + + assert_redirected_to session_magic_link_path + end + end +end diff --git a/test/fixtures/account/join_codes.yml b/test/fixtures/account/join_codes.yml index d346d7e65..daba73e66 100644 --- a/test/fixtures/account/join_codes.yml +++ b/test/fixtures/account/join_codes.yml @@ -1,5 +1,3 @@ -# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html - sole: code: 1234-5678-9XYZ usage_count: 0