Commit f582055

mo khan <mo@mokhan.ca>
2014-11-15 16:37:39
update authentication to use session cookie.
1 parent 37c8e45
Changed files (2)
app/controllers/application_controller.rb
@@ -14,9 +14,8 @@ class ApplicationController < ActionController::Base
 
   private
 
-  def ensure_valid_session
-    #::TODO look up session by unique session key not id.
-    unless session[:user_session_id] && @current_session = Session.find(session[:user_session_id])
+  def ensure_valid_session(user_session_id = cookies.signed[:raphael])
+    unless @current_session = Session.find(user_session_id)
       redirect_to new_session_path
     end
   rescue ActiveRecord::RecordNotFound
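Review bot: The lookup in `ensure_valid_session` still resolves the session by its primary key (`Session.find(user_session_id)`), yet the commit deletes the TODO asking for lookup by a unique session key without implementing it. A signed cookie is integrity-protected but not confidential, so the client can read its row id, and the presumably sequential ids leave the signing secret as the only thing separating one session from another. I would put a random per-session token in the cookie and resolve it with something like `Session.find_by!(<token_column>: user_session_id)` (placeholder; no such column is visible in this diff), or at minimum keep the TODO. Separately, `find` raises rather than returning nil, so the `unless` branch looks unreachable and the redirect presumably happens in the rescue body, which lies outside this hunk.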
spec/controllers/application_controller_spec.rb
@@ -12,7 +12,8 @@ describe ApplicationController do
     let(:user) { create(:user, password: 'password', password_confirmation: 'password') }
     let(:user_session) { create(:session, user: user) }
 
-    before { get :index, {}, user_session_id: user_session.id }
+    before { cookies.signed[:raphael] = user_session.id }
+    before { get :index }
 
     it "lets you continue to do whatever the heck you were trying to do" do
       expect(response.status).to eql(200)
@@ -24,15 +25,16 @@ describe ApplicationController do
   end
 
   context "when not signed in" do
-    it "boots you out when their is no session_id" do
+    before :each do
+      cookies.signed[:raphael] = rand(100)
       get :index
+    end
+
+    it "boots you out when their is no session_id" do
       expect(response).to redirect_to(new_session_path)
     end
 
     it "boots you out when the session id is not known" do
-      allow(Session).to receive(:find).with(100).and_raise(ActiveRecord::RecordNotFound)
-
-      get :index, {}, user_session_id: 100
       expect(response).to redirect_to(new_session_path)
     end
   end
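Review bot: With `cookies.signed[:raphael] = rand(100)` in the shared `before :each`, both examples under "when not signed in" now exercise the same unknown-id path, so the case the first example names (no cookie at all) is no longer tested. `rand(100)` also makes the run non-deterministic and could match a real row if a session is ever created in this context. I would drop the shared assignment, call `get :index` with no cookie in the first example, and set a fixed absent id such as `cookies.signed[:raphael] = 100` only in the second. A third example that sets the plain `cookies[:raphael]` to a real session id and expects the redirect would pin down that a value without a valid signature is rejected.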