From cddddcf83a156462adc93ea7b93cc1c0a08cd368 Mon Sep 17 00:00:00 2001 From: Fernando Olivares Date: Fri, 12 Dec 2025 13:39:39 -0600 Subject: [PATCH] Fix due to unit test when creating with invalid emails --- app/controllers/sessions_controller.rb | 19 +++++++++++++++---- test/controllers/magic_link_api_test.rb | 5 ++--- test/controllers/sessions_controller_test.rb | 2 +- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 6513a42be..1781b40bc 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -9,20 +9,31 @@ class SessionsController < ApplicationController end def create - magic_link = magic_link_from_sign_in_or_sign_up + if identity = Identity.find_by_email_address(email_address) + magic_link = identity.send_magic_link + else + signup = Signup.new(email_address: email_address) + if signup.valid?(:identity_creation) + magic_link = signup.create_identity if Account.accepting_signups? + else + head :unprocessable_entity + return + end + end + serve_development_magic_link magic_link respond_to do |format| format.html do if magic_link.present? - redirect_to_session_magic_link magic_link + redirect_to_session_magic_link magic_link else redirect_to session_magic_link_path end end - format.json do - render json: { pending_authentication_token: pending_authentication_token_for(email_address) }, status: :created + format.json do + render json: { pending_authentication_token: pending_authentication_token_for(email_address) }, status: :created end end end diff --git a/test/controllers/magic_link_api_test.rb b/test/controllers/magic_link_api_test.rb index 8a5ca1b03..a1d494d48 100644 --- a/test/controllers/magic_link_api_test.rb +++ b/test/controllers/magic_link_api_test.rb @@ -102,13 +102,12 @@ class MagicLinkApiTest < ActionDispatch::IntegrationTest end end - test "create session with invalid email via JSON still returns token to prevent enumeration" do + test "create session with invalid email via JSON" do untenanted do assert_no_difference -> { Identity.count } do post session_path(format: :json), params: { email_address: "not-a-valid-email" } end - assert_response :created - assert @response.parsed_body["pending_authentication_token"].present? + assert_response :unprocessable_entity end end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 4dc5d98a0..74b336a4f 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -70,7 +70,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest post session_path, params: { email_address: "not-a-valid-email" } end - assert_redirected_to session_magic_link_path + assert_response :unprocessable_entity end end end