Remove session controller actions other than delete
and do some general cleanup around sessions controllers and the sign_in_as test helper
This commit is contained in:
@@ -1,8 +1,7 @@
|
||||
class Sessions::LaunchpadController < ApplicationController
|
||||
require_unauthenticated_access
|
||||
|
||||
before_action :store_sig, only: :show
|
||||
before_action :restore_and_clear_sig, only: :update
|
||||
before_action :require_sig
|
||||
|
||||
def show
|
||||
end
|
||||
@@ -17,11 +16,7 @@ class Sessions::LaunchpadController < ApplicationController
|
||||
end
|
||||
|
||||
private
|
||||
def store_sig
|
||||
cookies[:_fizzy_launchpad_sig] = params.expect(:sig)
|
||||
end
|
||||
|
||||
def restore_and_clear_sig
|
||||
@sig = cookies.delete :_fizzy_launchpad_sig
|
||||
def require_sig
|
||||
@sig = params.expect(:sig)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,28 +1,6 @@
|
||||
class SessionsController < ApplicationController
|
||||
require_unauthenticated_access only: %i[ new create ]
|
||||
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
|
||||
|
||||
before_action :require_first_run_completion
|
||||
|
||||
def new
|
||||
end
|
||||
|
||||
def create
|
||||
if user = User.active.authenticate_by(params.permit(:email_address, :password))
|
||||
start_new_session_for user
|
||||
redirect_to after_authentication_url
|
||||
else
|
||||
redirect_to new_session_path, alert: "Try another email address or password."
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
terminate_session
|
||||
redirect_to new_session_path
|
||||
redirect_to Launchpad.login_url, allow_other_host: true
|
||||
end
|
||||
|
||||
private
|
||||
def require_first_run_completion
|
||||
redirect_to first_run_path if Account.none?
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1 +1,3 @@
|
||||
<%= auto_submit_form_with method: :put %>
|
||||
<%= auto_submit_form_with(method: :put) do |form| %>
|
||||
<%= form.hidden_field(:sig, value: @sig) %>
|
||||
<% end %>
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
<% @page_title = "Sign in" %>
|
||||
|
||||
<div class="panel shadow center margin-block-double <%= "shake" if flash[:alert] %>" style="--panel-size: 55ch;">
|
||||
<h1 class="txt-xx-large margin-block-end-double">Fizzy</h1>
|
||||
|
||||
<%= form_with url: session_path, class: "flex flex-column gap txt-large" do |form| %>
|
||||
<div class="flex align-center gap">
|
||||
<label class="flex align-center gap input input--actor">
|
||||
<%= form.email_field :email_address, required: true, class: "input full-width", autofocus: true, autocomplete: "username", placeholder: "Enter your email address" %>
|
||||
<%= icon_tag "email", class: "txt-large" %>
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<div class="flex align-center gap">
|
||||
<label class="flex align-center gap input input--actor">
|
||||
<%= form.password_field :password, required: true, class: "input full-width", autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72 %>
|
||||
<%= icon_tag "password", class: "txt-large" %>
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<button type="submit" id="log_in" class="btn btn--reversed center">
|
||||
<%= icon_tag "arrow-right" %>
|
||||
<span class="for-screen-reader">Sign in</span>
|
||||
</button>
|
||||
<% end %>
|
||||
</div>
|
||||
|
||||
<% content_for :footer do %>
|
||||
<div class="txt-align-center center margin-block-double txt-subtle">Fizzy™ version 0</div>
|
||||
<% end %>
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
<% content_for :header do %>
|
||||
<nav>
|
||||
<%= link_to new_session_path, class: "btn flex-item-justify-end", data: { controller: "hotkey", action: "keydown.esc@document->hotkey#click" } do %>
|
||||
<%= link_to Launchpad.login_url(account: Current.account), class: "btn flex-item-justify-end", data: { controller: "hotkey", action: "keydown.esc@document->hotkey#click" } do %>
|
||||
<span class="for-screen-reader">Sign in instead</span>
|
||||
<% end %>
|
||||
</nav>
|
||||
|
||||
+2
-2
@@ -84,11 +84,11 @@ Rails.application.routes.draw do
|
||||
get "join/:join_code", to: "users#new", as: :join
|
||||
post "join/:join_code", to: "users#create"
|
||||
|
||||
resource :session do
|
||||
resource :session, only: :destroy do
|
||||
scope module: "sessions" do
|
||||
resources :transfers, only: %i[ show update ]
|
||||
resource :launchpad, only: %i[ show update ], controller: "launchpad"
|
||||
end
|
||||
resource :launchpad, only: %i[ show update ], controller: "sessions/launchpad"
|
||||
end
|
||||
|
||||
namespace :signup do
|
||||
|
||||
@@ -6,14 +6,16 @@ class Sessions::LaunchpadControllerTest < ActionDispatch::IntegrationTest
|
||||
|
||||
assert_response :success
|
||||
|
||||
assert_equal cookies[:_fizzy_launchpad_sig], "test-sig"
|
||||
assert_select "form input#sig" do |node|
|
||||
assert_equal node.length, 1
|
||||
assert_equal node.first["value"], "test-sig"
|
||||
end
|
||||
end
|
||||
|
||||
test "create establishes a session when the sig is valid" do
|
||||
user = users(:david)
|
||||
cookies[:_fizzy_launchpad_sig] = user.signal_user.perishable_signature
|
||||
|
||||
put session_launchpad_path
|
||||
put session_launchpad_path(params: { sig: user.signal_user.perishable_signature })
|
||||
|
||||
assert_redirected_to root_url
|
||||
assert parsed_cookies.signed[:session_token]
|
||||
@@ -21,9 +23,8 @@ class Sessions::LaunchpadControllerTest < ActionDispatch::IntegrationTest
|
||||
|
||||
test "returns 401 when the sig is invalid" do
|
||||
user = users(:david)
|
||||
cookies[:sig] = "not-valid"
|
||||
|
||||
put session_launchpad_path
|
||||
put session_launchpad_path(params: { sig: "invalid" })
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
@@ -1,38 +1,10 @@
|
||||
require "test_helper"
|
||||
|
||||
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
||||
ALLOWED_BROWSER = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
|
||||
DISALLOWED_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0"
|
||||
|
||||
test "new" do
|
||||
get new_session_path
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "new enforces browser compatibility" do
|
||||
get new_session_path, env: { "HTTP_USER_AGENT" => DISALLOWED_BROWSER }
|
||||
assert_select "svg", message: /Your browser is not supported/
|
||||
|
||||
get new_session_path, env: { "HTTP_USER_AGENT" => ALLOWED_BROWSER }
|
||||
assert_select "svg", text: /Your browser is not supported/, count: 0
|
||||
end
|
||||
|
||||
test "create with valid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "secret123456" }
|
||||
assert_redirected_to root_path
|
||||
assert cookies[:session_token].present?
|
||||
end
|
||||
|
||||
test "create with invalid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "wrong" }
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
|
||||
test "destroy" do
|
||||
sign_in_as :kevin
|
||||
delete session_path
|
||||
assert_redirected_to new_session_path
|
||||
assert_redirected_to Launchpad.login_url
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
end
|
||||
|
||||
@@ -6,7 +6,7 @@ module SessionTestHelper
|
||||
def sign_in_as(user)
|
||||
cookies[:session_token] = nil
|
||||
user = users(user) unless user.is_a? User
|
||||
post session_path, params: { email_address: user.email_address, password: "secret123456" }
|
||||
put session_launchpad_path, params: { sig: user.signal_user.perishable_signature }
|
||||
assert cookies[:session_token].present?
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user