Files
fizzy/test/controllers/sessions_controller_test.rb
T
2025-12-11 12:49:03 +00:00

80 lines
2.1 KiB
Ruby

require "test_helper"
class SessionsControllerTest < ActionDispatch::IntegrationTest
test "new" do
untenanted do
get new_session_path
end
assert_response :success
end
test "create" do
identity = identities(:kevin)
untenanted do
assert_difference -> { MagicLink.count }, 1 do
post session_path, params: { email_address: identity.email_address }
end
assert_redirected_to session_magic_link_path
assert_nil flash[:magic_link_code]
end
end
test "create for a new user" do
untenanted do
assert_difference -> { MagicLink.count }, +1 do
assert_difference -> { Identity.count }, +1 do
post session_path,
params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" }
end
end
assert_redirected_to session_magic_link_path
assert MagicLink.last.for_sign_up?
end
end
test "create for a new user when single tenant mode already has a tenant" do
with_multi_tenant_mode(false) do
untenanted do
assert_no_difference -> { MagicLink.count } do
assert_no_difference -> { Identity.count } do
post session_path,
params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" }
end
end
assert_redirected_to session_magic_link_path
end
end
end
test "create with invalid email address" do
# Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form
# field validation that should normally prevent this from occurring, so I'm not worried about
# returning proper validation errors.
without_action_dispatch_exception_handling do
untenanted do
assert_no_difference -> { Identity.count } do
post session_path, params: { email_address: "not-a-valid-email" }
end
assert_response :unprocessable_entity
end
end
end
test "destroy" do
sign_in_as :kevin
untenanted do
delete session_path
assert_redirected_to new_session_path
assert_not cookies[:session_token].present?
end
end
end