diff --git a/Gemfile.saas.lock b/Gemfile.saas.lock index 0e4a78540..e9a585a26 100644 --- a/Gemfile.saas.lock +++ b/Gemfile.saas.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/basecamp/fizzy-saas - revision: 4740eeaa3ac652bfb695282a963a79fa1a1409e3 + revision: 0c6f9f6c7fa767fb83645286cdaf6705f9b753a5 ref: remove-unused-route specs: fizzy-saas (0.1.0) @@ -53,7 +53,7 @@ GIT GIT remote: https://github.com/rails/rails.git - revision: 4f7ab01bb5d6be78c7447dbb230c55027d08ae34 + revision: 690ec8898318b8f50714e86676353ebe1551261e branch: main specs: actioncable (8.2.0.alpha) @@ -424,7 +424,7 @@ GEM rake-compiler-dock (1.9.1) rb_sys (0.9.117) rake-compiler-dock (= 1.9.1) - rdoc (6.15.1) + rdoc (6.16.1) erb psych (>= 4.0.0) tsort @@ -480,10 +480,10 @@ GEM rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 4.0) websocket (~> 1.0) - sentry-rails (6.1.1) + sentry-rails (6.2.0) railties (>= 5.2.0) - sentry-ruby (~> 6.1.1) - sentry-ruby (6.1.1) + sentry-ruby (~> 6.2.0) + sentry-ruby (6.2.0) bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) sniffer (0.5.0) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index facc98e17..72131e61c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,13 +1,4 @@ class SessionsController < ApplicationController - # FIXME: Remove this before launch! - unless Rails.env.local? - http_basic_authenticate_with \ - name: Rails.application.credentials.account_signup_http_basic_auth.name, - password: Rails.application.credentials.account_signup_http_basic_auth.password, - realm: "Fizzy Signup", - only: :create, unless: -> { Identity.exists?(email_address: email_address) } - end - disallow_account_scope require_unauthenticated_access except: :destroy rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." } diff --git a/app/controllers/signup/completions_controller.rb b/app/controllers/signups/completions_controller.rb similarity index 88% rename from app/controllers/signup/completions_controller.rb rename to app/controllers/signups/completions_controller.rb index d7f09c086..f0ea56ff9 100644 --- a/app/controllers/signup/completions_controller.rb +++ b/app/controllers/signups/completions_controller.rb @@ -1,4 +1,4 @@ -class Signup::CompletionsController < ApplicationController +class Signups::CompletionsController < ApplicationController layout "public" disallow_account_scope diff --git a/app/controllers/signups_controller.rb b/app/controllers/signups_controller.rb index 5d4aa0eef..ea88383e0 100644 --- a/app/controllers/signups_controller.rb +++ b/app/controllers/signups_controller.rb @@ -1,7 +1,16 @@ class SignupsController < ApplicationController + # FIXME: Remove this before launch! + unless Rails.env.local? + http_basic_authenticate_with \ + name: Rails.application.credentials.account_signup_http_basic_auth.name, + password: Rails.application.credentials.account_signup_http_basic_auth.password, + realm: "Fizzy Signup" + end + disallow_account_scope allow_unauthenticated_access rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_signup_path, alert: "Try again later." } + before_action :redirect_authenticated_user layout "public" @@ -10,15 +19,15 @@ class SignupsController < ApplicationController end def create - if Current.identity - Signup.new(signup_params).create_identity - redirect_to session_magic_link_path - else - redirect_to new_signup_completion_path - end + Signup.new(signup_params).create_identity + redirect_to session_magic_link_path end private + def redirect_authenticated_user + redirect_to new_signup_completion_path if authenticated? + end + def signup_params params.expect signup: :email_address end diff --git a/app/views/signup/completions/new.html.erb b/app/views/signups/completions/new.html.erb similarity index 100% rename from app/views/signup/completions/new.html.erb rename to app/views/signups/completions/new.html.erb diff --git a/app/views/signup/new.html.erb b/app/views/signups/new.html.erb similarity index 100% rename from app/views/signup/new.html.erb rename to app/views/signups/new.html.erb diff --git a/config/routes.rb b/config/routes.rb index 91ae0055c..6d13e219b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -159,7 +159,7 @@ Rails.application.routes.draw do resource :signup, only: %i[ new create ] do collection do - scope module: :signup, as: :signup do + scope module: :signups, as: :signup do resource :completion, only: %i[ new create ] end end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index e4a2163b1..8edf74573 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -23,11 +23,9 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest test "create for a new user" do untenanted do - assert_difference -> { Identity.count }, +1 do - assert_difference -> { MagicLink.count }, +1 do - post session_path, - params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" } - end + assert_no_difference -> { MagicLink.count } do + post session_path, + params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" } end assert_redirected_to session_magic_link_path diff --git a/test/controllers/signups_controller_test.rb b/test/controllers/signups_controller_test.rb new file mode 100644 index 000000000..9d65c7a55 --- /dev/null +++ b/test/controllers/signups_controller_test.rb @@ -0,0 +1,52 @@ +require "test_helper" + +class SignupsControllerTest < ActionDispatch::IntegrationTest + test "new" do + untenanted do + get new_signup_path + + assert_response :success + end + end + + test "new for an authenticated user" do + identity = identities(:kevin) + sign_in_as identity + + untenanted do + get new_signup_path + + assert_redirected_to new_signup_completion_path + end + end + + test "create" do + email_address = "newuser-#{SecureRandom.hex(6)}@example.com" + + untenanted do + assert_difference -> { Identity.count }, +1 do + assert_difference -> { MagicLink.count }, +1 do + post signup_path, params: { signup: { email_address: email_address } } + end + end + + assert_redirected_to session_magic_link_path + end + end + + test "create for an authenticated user" do + identity = identities(:kevin) + sign_in_as identity + + untenanted do + assert_no_difference -> { Identity.count } do + assert_no_difference -> { MagicLink.count } do + post signup_path, + params: { signup: { email_address: identity.email_address } } + end + end + + assert_redirected_to new_signup_completion_path + end + end +end