Commit 8205a00
Changed files (5)
app/controllers/sessions_controller.rb
@@ -11,9 +11,8 @@ class SessionsController < ApplicationController
end
def create
- if @session = @login_command.run(self)
- session[:user_session_id] = @session.id
- cookies.signed[:raphael] = @session.access(request)
+ if user_session = @login_command.run(self)
+ cookies.signed[:raphael] = user_session
redirect_to root_path(anchor: '')
else
flash[:error] = I18n.translate(:invalid_credentials)
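Review bot: `create` stops writing `session[:user_session_id]`, but the `#destroy` example in spec/controllers/sessions_controller_spec.rb still seeds exactly that key, which suggests the logout path (not shown here) still looks the record up through the Rails session. If so, a user who logs in through this action and then logs out would leave the Session row in place and the `raphael` cookie still usable. Resolving the record in `destroy` from `cookies.signed[:raphael]` and deleting the cookie there would keep login and logout on the same identifier. As a style point, the assignment in the condition reads more clearly as `if (user_session = @login_command.run(self))`. The body of `create` continues past the end of the hunk.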
app/models/services/login_command.rb
@@ -5,10 +5,10 @@ class LoginCommand
def run(context)
user = @users.find_by(email: context.params[:email])
+ return nil unless user
+
if user && (user_session = user.login(context.params[:password]))
user_session.access(context.request)
- else
- raise "heck"
end
end
end
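Review bot: The new `return nil unless user` returns before any password hashing happens, so a request for an unknown email is likely to complete measurably faster than one for a known email with a wrong password, and response time can then reveal which addresses are registered. Running the same password comparison against a fixed dummy digest when no user is found would even out the two paths. The guard also makes `user &&` on the following line redundant: `if (user_session = user.login(context.params[:password]))`. `context.params[:email]` reaches `find_by` exactly as received, so coercing it with `.to_s` would keep an array or nested parameter from changing the shape of the query.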
app/models/user.rb
@@ -6,10 +6,6 @@ class User < ActiveRecord::Base
has_secure_password
def login(password)
- if authenticate(password)
- sessions.build
- else
- raise 'heck'
- end
+ sessions.build if authenticate(password)
end
end
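Review bot: `login` has no comment describing its new contract, which callers now depend on because failure is signalled by the return value instead of an exception. I would add above the method: `# Returns a new, unsaved Session when the password matches; nil otherwise.` Since a wrong password no longer raises, nothing visible in this commit records the failed attempt; if failed logins are not counted or logged elsewhere, this method or `LoginCommand#run` is where that would go.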
spec/controllers/sessions_controller_spec.rb
@@ -9,13 +9,7 @@ describe SessionsController do
end
describe "#create" do
- let(:user) { double(id: 1, authenticate: false) }
-
- before :each do
- allow(User).to receive(:find_by).with(email: 'email@example.com').and_return(user)
- allow(User).to receive(:find_by).with(email: 'unknown@example.com').and_return(nil)
- allow(user).to receive(:authenticate).with('password').and_return(true)
- end
+ let!(:user) { create(:user, password: 'password') }
context "when the email and password is incorrect" do
it "displays an error" do
@@ -34,21 +28,12 @@ describe SessionsController do
end
context "when the email and password is correct" do
- before :each do
- post :create, email: 'email@example.com', password: 'password'
- end
+ before { post :create, email: user.email, password: 'password' }
it "redirects to the dashboard" do
expect(response).to redirect_to(root_path(anchor: ''))
end
- it "creates a new session" do
- expect(session[:user_session_id]).to_not be_nil
- last_session = Session.last
- expect(session[:user_session_id]).to eql(last_session.id)
- expect(last_session.ip_address).to eql("0.0.0.0")
- end
-
it 'assigns a session key to a secure cookie' do
expect(cookies.signed[:raphael]).to eql(Session.last.id)
end
@@ -56,7 +41,7 @@ describe SessionsController do
end
context "#destroy" do
- let(:user_session) { Session.create! }
+ let(:user_session) { create(:session) }
it "removes the current session" do
delete :destroy, { id: 'mine' }, { user_session_id: user_session.id }
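Review bot: Removing the "creates a new session" example drops the only controller-level check that the Session recorded at login carries the client's IP address; the remaining cookie example compares against `Session.last.id` and says nothing about `ip_address`. Keeping a one-line expectation such as `expect(Session.last.ip_address).to eql("0.0.0.0")` next to the cookie example would preserve that coverage. The failed-login context (its body lies outside this hunk) would also benefit from asserting that no cookie is issued: `expect(cookies.signed[:raphael]).to be_nil`.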
spec/models/services/login_command_spec.rb
@@ -5,15 +5,33 @@ describe LoginCommand do
describe "#run" do
let(:user) { create(:user) }
- let(:web_context) { double(params: { email: user.email, password: 'password' }, request: web_request) }
let(:web_request) { double(remote_ip: '192.168.0.1') }
+ let(:web_context) { double(params: params, request: web_request) }
context "when the credentials are valid" do
+ let(:params) { { email: user.email, password: 'password' } }
+
it 'returns a new user session' do
result = subject.run(web_context)
expect(result[:value]).to_not be_nil
expect(result[:httponly]).to eql(true)
end
end
+
+ context "when the email is not known" do
+ let(:params) { { email: 'blah@example.com', password: 'password' } }
+
+ it 'returns nil' do
+ expect(subject.run(web_context)).to be_nil
+ end
+ end
+
+ context "when the password is incorrect" do
+ let(:params) { { email: user.email, password: 'wrong' } }
+
+ it 'returns nil' do
+ expect(subject.run(web_context)).to be_nil
+ end
+ end
end
end
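Review bot: The two new failure examples check only the return value, so they would still pass if a Session row were written before `nil` is returned; wrapping the call as `expect { subject.run(web_context) }.not_to change(Session, :count)` pins that down. In the valid-credentials example the cookie hash is checked for `:value` and `:httponly` only. If `Session#access` (not part of this commit) also sets `:secure` or an expiry, asserting them here would keep those attributes from being dropped unnoticed.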