Commit 9b6e3f0
Changed files (5)
app/controllers/application_controller.rb
@@ -2,7 +2,8 @@ class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
- before_action :authorize!
+ before_action :authenticate!
+ rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
protected
@@ -18,7 +19,14 @@ class ApplicationController < ActionController::Base
I18n.translate("#{params[:controller]}.#{params[:action]}#{key}")
end
- def authorize!
- redirect_to new_session_path if try(:current_user).nil?
+ def authenticate!
+ return if session[:user_id].present? && current_user.present?
+ redirect_to new_session_path
+ rescue
+ redirect_to new_session_path
+ end
+
+ def record_not_found
+ render text: "404 Not Found", status: 404
end
end
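Review bot: The bare `rescue` in `authenticate!` catches every StandardError raised while evaluating `current_user` and turns it into a redirect to the login page, so a database outage or a bug in `current_user` is indistinguishable from an ordinary logged-out request and leaves no trace. The filter does fail closed, which is the right default, but the rescue should name the exception it expects and let everything else propagate. That is presumably `rescue ActiveRecord::RecordNotFound`, if `current_user` (defined outside this hunk) looks the user up with `find`. For the stale-session case it would also help to call `reset_session` before `redirect_to new_session_path`, so a `session[:user_id]` that no longer resolves to a user is not kept. A one-line comment above the method, such as `# Fails closed: any request without a resolvable user is sent to the login page.`, would document the intent.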
app/controllers/items_controller.rb
@@ -1,6 +1,4 @@
class ItemsController < ApplicationController
- rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
-
def index
@items = current_user.items
@item = Item.new
@@ -41,10 +39,6 @@ class ItemsController < ApplicationController
private
- def record_not_found
- render text: "404 Not Found", status: 404
- end
-
def secure_params
params.require(:item).permit(
:name,
app/controllers/public_controller.rb
@@ -1,4 +1,4 @@
class PublicController < ApplicationController
layout "public"
- skip_before_action :authorize!
+ skip_before_action :authenticate!
end
app/controllers/sessions_controller.rb
@@ -1,7 +1,6 @@
class SessionsController < PublicController
def create
- user = User.authenticate(params[:user][:username], params[:user][:password])
- if user.present?
+ if user = User.authenticate(params[:user][:username], params[:user][:password])
session[:user_id] = user.id
redirect_to dashboard_path
else
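Review bot: `create` writes `session[:user_id] = user.id` into whatever session the client arrived with, so a session established before login carries over into the authenticated state (session fixation). Calling `reset_session` on the line before the assignment closes that. Separately, `params[:user][:username]` raises NoMethodError when the `user` key is absent, which surfaces as a 500 on an unauthenticated endpoint; reading the credentials through `params.require(:user)` would reject the request cleanly instead. The assignment inside the condition is easier to read as intentional when parenthesised, `if (user = User.authenticate(...))`. The body of `create` continues past the end of this hunk.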
spec/controllers/sessions_controller_spec.rb
@@ -1,52 +1,48 @@
require "rails_helper"
describe SessionsController do
-
describe "#create" do
-
let(:user) { create(:user, password: "password") }
-
+
context "when credentials are correct" do
-
it "logs you in with email" do
post :create, { user: { username: user.email, password: "password" } }
expect(session[:user_id]).to eql(user.id)
end
-
+
it "logs you in with username" do
post :create, { user: { username: user.username, password: "password" } }
expect(session[:user_id]).to eql(user.id)
end
-
+
+ it "redirects to the dashboard" do
+ post :create, { user: { username: user.username, password: "password" } }
+ expect(response).to redirect_to(dashboard_path)
+ end
end
-
+
context "when credentials are incorrect" do
-
it "displays errors" do
post :create, { user: { username: user.username, password: "wrong" } }
expect(flash[:warning]).to_not be_empty
end
-
+
it "redirects to the login page" do
post :create, { user: { username: user.username, password: "wrong" } }
expect(response).to redirect_to(new_session_path)
end
-
end
end
-
+
describe "#destroy" do
context "when logged in" do
-
let(:user) { create(:user) }
-
+
it "logs you out" do
session[:user_id] = user.id
delete :destroy, id: user.id
expect(session[:user_id]).to be_nil
end
-
end
end
-
-end
\ No newline at end of file
+end
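Review bot: The "when credentials are incorrect" context checks the flash and the redirect but never asserts that no session was established. Adding `expect(session[:user_id]).to be_nil` to one of those examples would pin the property that matters most for a failed login. An example that posts without the `user` key would also be worth having, since the controller indexes `params[:user]` directly. Several of the added `+` lines replace blank lines and appear to hold only whitespace, which is worth stripping before merge.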