From fb487f598c1a19542e76192f1a7d0f487c251805 Mon Sep 17 00:00:00 2001 From: Fernando Olivares Date: Fri, 12 Dec 2025 13:28:54 -0600 Subject: [PATCH] Restore sessions_controller test on creating invalid email address --- test/controllers/sessions_controller_test.rb | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 31fb84dd6..4dc5d98a0 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -60,13 +60,18 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest end end - test "create with invalid email address still redirects to prevent enumeration" do - untenanted do - assert_no_difference -> { Identity.count } do - post session_path, params: { email_address: "not-a-valid-email" } - end + test "create with invalid email address" do + # Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form + # field validation that should normally prevent this from occurring, so I'm not worried about + # returning proper validation errors. + without_action_dispatch_exception_handling do + untenanted do + assert_no_difference -> { Identity.count } do + post session_path, params: { email_address: "not-a-valid-email" } + end - assert_redirected_to session_magic_link_path + assert_redirected_to session_magic_link_path + end end end