Clean up interfaces

I talked to the mobile team, and to keep things simple we agreed to send
the token via a cookie.
This commit is contained in:
Stanko K.R.
2025-12-19 16:09:46 +01:00
parent 23fc7b594f
commit e0270c6c49
5 changed files with 136 additions and 107 deletions
@@ -83,10 +83,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
test "create via JSON" do
identity = identities(:david)
magic_link = identity.send_magic_link
pending_token = pending_authentication_token_for(identity.email_address)
untenanted do
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: pending_token }
post session_path(format: :json), params: { email_address: identity.email_address }
post session_magic_link_path(format: :json), params: { code: magic_link.code }
assert_response :success
assert @response.parsed_body["session_token"].present?
end
@@ -105,10 +105,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
test "create via JSON with invalid code" do
identity = identities(:david)
pending_token = pending_authentication_token_for(identity.email_address)
untenanted do
post session_magic_link_path(format: :json), params: { code: "INVALID", pending_authentication_token: pending_token }
post session_path(format: :json), params: { email_address: identity.email_address }
post session_magic_link_path(format: :json), params: { code: "INVALID" }
assert_response :unauthorized
assert_equal "Try another code.", @response.parsed_body["message"]
end
@@ -118,10 +118,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
identity = identities(:david)
other_identity = identities(:jason)
magic_link = other_identity.send_magic_link
pending_token = pending_authentication_token_for(identity.email_address)
untenanted do
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: pending_token }
post session_path(format: :json), params: { email_address: identity.email_address }
post session_magic_link_path(format: :json), params: { code: magic_link.code }
assert_response :unauthorized
assert_equal "Something went wrong. Please try again.", @response.parsed_body["message"]
end
@@ -131,20 +131,14 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
identity = identities(:david)
magic_link = identity.send_magic_link
expired_token = nil
travel_to 15.minutes.ago do
expired_token = pending_authentication_token_for(identity.email_address)
end
untenanted do
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: expired_token }
travel_to 20.minutes.ago do
post session_path(format: :json), params: { email_address: identity.email_address }
end
post session_magic_link_path(format: :json), params: { code: magic_link.code }
assert_response :unauthorized
assert_equal "Enter your email address to sign in.", @response.parsed_body["message"]
end
end
private
def pending_authentication_token_for(email_address)
Sessions::MagicLinksController.new.send(:pending_authentication_token_verifier).generate(email_address, expires_in: 10.minutes)
end
end