Clean up interfaces
I talked to the mobile team, and to keep things simple we agreed to send the token via a cookie.
This commit is contained in:
@@ -83,10 +83,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
|
||||
test "create via JSON" do
|
||||
identity = identities(:david)
|
||||
magic_link = identity.send_magic_link
|
||||
pending_token = pending_authentication_token_for(identity.email_address)
|
||||
|
||||
untenanted do
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: pending_token }
|
||||
post session_path(format: :json), params: { email_address: identity.email_address }
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code }
|
||||
assert_response :success
|
||||
assert @response.parsed_body["session_token"].present?
|
||||
end
|
||||
@@ -105,10 +105,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
|
||||
|
||||
test "create via JSON with invalid code" do
|
||||
identity = identities(:david)
|
||||
pending_token = pending_authentication_token_for(identity.email_address)
|
||||
|
||||
untenanted do
|
||||
post session_magic_link_path(format: :json), params: { code: "INVALID", pending_authentication_token: pending_token }
|
||||
post session_path(format: :json), params: { email_address: identity.email_address }
|
||||
post session_magic_link_path(format: :json), params: { code: "INVALID" }
|
||||
assert_response :unauthorized
|
||||
assert_equal "Try another code.", @response.parsed_body["message"]
|
||||
end
|
||||
@@ -118,10 +118,10 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
|
||||
identity = identities(:david)
|
||||
other_identity = identities(:jason)
|
||||
magic_link = other_identity.send_magic_link
|
||||
pending_token = pending_authentication_token_for(identity.email_address)
|
||||
|
||||
untenanted do
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: pending_token }
|
||||
post session_path(format: :json), params: { email_address: identity.email_address }
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code }
|
||||
assert_response :unauthorized
|
||||
assert_equal "Something went wrong. Please try again.", @response.parsed_body["message"]
|
||||
end
|
||||
@@ -131,20 +131,14 @@ class Sessions::MagicLinksControllerTest < ActionDispatch::IntegrationTest
|
||||
identity = identities(:david)
|
||||
magic_link = identity.send_magic_link
|
||||
|
||||
expired_token = nil
|
||||
travel_to 15.minutes.ago do
|
||||
expired_token = pending_authentication_token_for(identity.email_address)
|
||||
end
|
||||
|
||||
untenanted do
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code, pending_authentication_token: expired_token }
|
||||
travel_to 20.minutes.ago do
|
||||
post session_path(format: :json), params: { email_address: identity.email_address }
|
||||
end
|
||||
|
||||
post session_magic_link_path(format: :json), params: { code: magic_link.code }
|
||||
assert_response :unauthorized
|
||||
assert_equal "Enter your email address to sign in.", @response.parsed_body["message"]
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
def pending_authentication_token_for(email_address)
|
||||
Sessions::MagicLinksController.new.send(:pending_authentication_token_verifier).generate(email_address, expires_in: 10.minutes)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user