Require authentication for most endpoints #29
14 changed files with 73 additions and 5 deletions
|
|
@ -1,3 +1,4 @@
|
|||
class ApplicationController < ActionController::Base
|
||||
include Authenticatable
|
||||
include Authorizable
|
||||
end
|
||||
|
|
|
|||
37
app/controllers/concerns/authorizable.rb
Normal file
37
app/controllers/concerns/authorizable.rb
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
module Authorizable
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
before_action :require_registered_user
|
||||
end
|
||||
|
||||
class_methods do
|
||||
def allow_unregistered_user(**args)
|
||||
skip_before_action :require_registered_user, **args
|
||||
end
|
||||
|
||||
def require_unregistered_user(**args)
|
||||
skip_before_action :require_registered_user, **args
|
||||
before_action :require_unregistered_user, **args
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def require_registered_user
|
||||
Current.user.registered? || redirect_to_sign_in
|
||||
end
|
||||
|
||||
def require_unregistered_user
|
||||
Current.user.unregistered? || redirect_to_dashboard
|
||||
end
|
||||
|
||||
def redirect_to_sign_in
|
||||
session[:return_url] = request.url
|
||||
redirect_to new_session_url, alert: "You must be logged in to continue."
|
||||
end
|
||||
|
||||
def redirect_to_dashboard
|
||||
redirect_to root_url, alert: "You are already logged in."
|
||||
end
|
||||
end
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
class SessionsController < ApplicationController
|
||||
require_unregistered_user only: %i[new create]
|
||||
# GET /sessions/new
|
||||
def new
|
||||
@session = Session.new
|
||||
|
|
@ -11,7 +12,6 @@ class SessionsController < ApplicationController
|
|||
respond_to do |format|
|
||||
if @session.save
|
||||
session[:current_user_id] = @session.user_id
|
||||
Rails.logger.info("ID: #{@session.user_id}")
|
||||
|
||||
format.html { redirect_to root_url, notice: "Session was successfully created." }
|
||||
format.json { render :show, status: :created, location: @session }
|
||||
|
|
@ -27,7 +27,7 @@ class SessionsController < ApplicationController
|
|||
session[:current_user_id] = nil
|
||||
|
||||
respond_to do |format|
|
||||
format.html { redirect_to root_url, notice: "Session was successfully destroyed." }
|
||||
format.html { redirect_to new_session_url, notice: "Session was successfully destroyed." }
|
||||
format.json { head :no_content }
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
class UsersController < ApplicationController
|
||||
require_unregistered_user only: %i[new create]
|
||||
|
||||
before_action :set_user, only: %i[ show edit update destroy ]
|
||||
|
||||
# GET /users or /users.json
|
||||
|
|
@ -25,6 +27,9 @@ class UsersController < ApplicationController
|
|||
|
||||
respond_to do |format|
|
||||
if @user.save
|
||||
@session = Session.new(session_params).save
|
||||
session[:current_user_id] = @session.user_id
|
||||
|
||||
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
||||
format.json { render :show, status: :created, location: @user }
|
||||
else
|
||||
|
|
@ -67,4 +72,8 @@ class UsersController < ApplicationController
|
|||
def user_params
|
||||
params.require(:user).permit(:email, :password, :password_confirmation)
|
||||
end
|
||||
|
||||
def session_params
|
||||
user_params.slice(:email, :password)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
class GuestUser
|
||||
def registered? = false
|
||||
|
||||
def unregistered? = true
|
||||
end
|
||||
|
|
|
|||
|
|
@ -2,4 +2,6 @@ class User < ApplicationRecord
|
|||
has_secure_password
|
||||
|
||||
def registered? = true
|
||||
|
||||
def unregistered? = false
|
||||
end
|
||||
|
|
|
|||
|
|
@ -20,8 +20,9 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|||
end
|
||||
|
||||
test "should destroy session" do
|
||||
login(users(:one).email)
|
||||
delete session_url(@session)
|
||||
|
||||
assert_redirected_to root_url
|
||||
assert_redirected_to new_session_url
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
|
|||
end
|
||||
|
||||
test "should get index" do
|
||||
login(@user.email)
|
||||
get users_url
|
||||
assert_response :success
|
||||
end
|
||||
|
|
@ -31,21 +32,25 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
|
|||
end
|
||||
|
||||
test "should show user" do
|
||||
login(@user.email)
|
||||
get user_url(@user)
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "should get edit" do
|
||||
login(@user.email)
|
||||
get edit_user_url(@user)
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "should update user" do
|
||||
login(@user.email)
|
||||
patch user_url(@user), params: { user: { email: @user.email, password: "secret", password_confirmation: "secret" } }
|
||||
assert_redirected_to user_url(@user)
|
||||
end
|
||||
|
||||
test "should destroy user" do
|
||||
login(@user.email)
|
||||
assert_difference("User.count", -1) do
|
||||
delete user_url(@user)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
|||
class CreditCardBillsTest < ApplicationSystemTestCase
|
||||
setup do
|
||||
@credit_card_bill = credit_card_bills(:one)
|
||||
login(users(:one).email)
|
||||
end
|
||||
|
||||
test "visiting the index" do
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
|||
class ExpensesTest < ApplicationSystemTestCase
|
||||
setup do
|
||||
@expense = expenses(:monthly_expense)
|
||||
login(users(:one).email)
|
||||
end
|
||||
|
||||
test "visiting the index" do
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
|||
class IncomesTest < ApplicationSystemTestCase
|
||||
setup do
|
||||
@income = incomes(:included_1)
|
||||
login(users(:one).email)
|
||||
end
|
||||
|
||||
test "visiting the index" do
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
|||
class MembersTest < ApplicationSystemTestCase
|
||||
setup do
|
||||
@member = members(:one)
|
||||
login(users(:one).email)
|
||||
end
|
||||
|
||||
test "visiting the index" do
|
||||
|
|
|
|||
|
|
@ -6,13 +6,14 @@ class UsersTest < ApplicationSystemTestCase
|
|||
end
|
||||
|
||||
test "visiting the index" do
|
||||
login(@user.email)
|
||||
visit users_url
|
||||
assert_selector "h1", text: "Users"
|
||||
end
|
||||
|
||||
test "should create user" do
|
||||
visit users_url
|
||||
click_on "New user"
|
||||
click_on "Sign up"
|
||||
|
||||
fill_in "Email", with: "userthree@example.local"
|
||||
fill_in "Password", with: "secret"
|
||||
|
|
@ -24,6 +25,7 @@ class UsersTest < ApplicationSystemTestCase
|
|||
end
|
||||
|
||||
test "should update User" do
|
||||
login(@user.email)
|
||||
visit user_url(@user)
|
||||
click_on "Edit this user", match: :first
|
||||
|
||||
|
|
@ -37,7 +39,8 @@ class UsersTest < ApplicationSystemTestCase
|
|||
end
|
||||
|
||||
test "should destroy User" do
|
||||
visit user_url(@user)
|
||||
login(@user.email)
|
||||
visit user_url(users(:two))
|
||||
click_on "Destroy this user", match: :first
|
||||
|
||||
assert_text "User was successfully destroyed"
|
||||
|
|
|
|||
|
|
@ -10,4 +10,8 @@ class ActiveSupport::TestCase
|
|||
fixtures :all
|
||||
|
||||
# Add more helper methods to be used by all tests here...
|
||||
def login(email, password = "secret")
|
||||
post sessions_url, params: { session: { email: email, password: password } }
|
||||
assert session[:current_user_id].present?
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue