Files
fizzy/test/controllers/signups_controller_test.rb
T
Mike Dalessio 0160f215f2 Validate email before creating identity during sign-up and sign-in
Avoid Sentry exceptions when attackers try to stuff invalid emails. The
browser performs form field validation that should normally prevent this
from occurring, so we just return 422 without validation error messages.

Also:

- extract redirect_to_session_magic_link helper
- some controller refactoring and cleanup
2025-12-06 16:52:16 -05:00

67 lines
1.6 KiB
Ruby

require "test_helper"
class SignupsControllerTest < ActionDispatch::IntegrationTest
test "new" do
untenanted do
get new_signup_path
assert_response :success
end
end
test "new for an authenticated user" do
identity = identities(:kevin)
sign_in_as identity
untenanted do
get new_signup_path
assert_redirected_to new_signup_completion_path
end
end
test "create" do
email_address = "newuser-#{SecureRandom.hex(6)}@example.com"
untenanted do
assert_difference -> { Identity.count }, +1 do
assert_difference -> { MagicLink.count }, +1 do
post signup_path, params: { signup: { email_address: email_address } }
end
end
assert_redirected_to session_magic_link_path
end
end
test "create with invalid email address" do
without_action_dispatch_exception_handling do
untenanted do
assert_no_difference -> { Identity.count } do
assert_no_difference -> { MagicLink.count } do
post signup_path, params: { signup: { email_address: "not-a-valid-email" } }
end
end
assert_response :unprocessable_entity
end
end
end
test "create for an authenticated user" do
identity = identities(:kevin)
sign_in_as identity
untenanted do
assert_no_difference -> { Identity.count } do
assert_no_difference -> { MagicLink.count } do
post signup_path,
params: { signup: { email_address: identity.email_address } }
end
end
assert_redirected_to new_signup_completion_path
end
end
end