0160f215f2
Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form field validation that should normally prevent this from occurring, so we just return 422 without validation error messages. Also: - extract redirect_to_session_magic_link helper - some controller refactoring and cleanup
65 lines
1.7 KiB
Ruby
65 lines
1.7 KiB
Ruby
require "test_helper"
|
|
|
|
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
test "new" do
|
|
untenanted do
|
|
get new_session_path
|
|
end
|
|
|
|
assert_response :success
|
|
end
|
|
|
|
test "create" do
|
|
identity = identities(:kevin)
|
|
|
|
untenanted do
|
|
assert_difference -> { MagicLink.count }, 1 do
|
|
post session_path, params: { email_address: identity.email_address }
|
|
end
|
|
|
|
assert_redirected_to session_magic_link_path
|
|
assert_nil flash[:magic_link_code]
|
|
end
|
|
end
|
|
|
|
test "create for a new user" do
|
|
untenanted do
|
|
assert_difference -> { MagicLink.count }, +1 do
|
|
assert_difference -> { Identity.count }, +1 do
|
|
post session_path,
|
|
params: { email_address: "nonexistent-#{SecureRandom.hex(6)}@example.com" }
|
|
end
|
|
end
|
|
|
|
assert_redirected_to session_magic_link_path
|
|
assert MagicLink.last.for_sign_up?
|
|
end
|
|
end
|
|
|
|
test "create with invalid email address" do
|
|
# Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form
|
|
# field validation that should normally prevent this from occurring, so I'm not worried about
|
|
# returning proper validation errors.
|
|
without_action_dispatch_exception_handling do
|
|
untenanted do
|
|
assert_no_difference -> { Identity.count } do
|
|
post session_path, params: { email_address: "not-a-valid-email" }
|
|
end
|
|
|
|
assert_response :unprocessable_entity
|
|
end
|
|
end
|
|
end
|
|
|
|
test "destroy" do
|
|
sign_in_as :kevin
|
|
|
|
untenanted do
|
|
delete session_path
|
|
|
|
assert_redirected_to new_session_path
|
|
assert_not cookies[:session_token].present?
|
|
end
|
|
end
|
|
end
|