Update to always return a pending auth token for JSON responses.

This commit is contained in:
Fernando Olivares
2025-12-12 13:05:33 -06:00
committed by Stanko K.R.
parent fbf829b346
commit 6e8d6a3df0
3 changed files with 14 additions and 15 deletions
+7 -12
View File
@@ -55,23 +55,18 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
end
end
assert_response :unprocessable_entity
assert_redirected_to session_magic_link_path
end
end
end
test "create with invalid email address" do
# Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form
# field validation that should normally prevent this from occurring, so I'm not worried about
# returning proper validation errors.
without_action_dispatch_exception_handling do
untenanted do
assert_no_difference -> { Identity.count } do
post session_path, params: { email_address: "not-a-valid-email" }
end
assert_response :unprocessable_entity
test "create with invalid email address still redirects to prevent enumeration" do
untenanted do
assert_no_difference -> { Identity.count } do
post session_path, params: { email_address: "not-a-valid-email" }
end
assert_redirected_to session_magic_link_path
end
end