Implement #login! helper
Spone committed Jan 18, 2023
1 parent 47f82a5 commit 1f5ce59
Showing 5 changed files with 52 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -55,6 +55,7 @@ explaining and the rest are commented:
```ruby
require_login # This is a before action
login(email, password, remember_me = false)
login!(email, password, remember_me = false) # Raises an `Sorcery::InvalidCredentials` exception on failure
auto_login(user) # Login without credentials
logout
logged_in? # Available in views
12 changes: 12 additions & 0 deletions lib/sorcery/controller.rb
@@ -1,4 +1,6 @@
module Sorcery
class InvalidCredentials < StandardError; end

module Controller
def self.included(klass)
klass.class_eval do
Expand Down Expand Up @@ -63,6 +65,16 @@ def login(*credentials)
end
end

def login!(*credentials)
user = login(*credentials)

if user.nil?
raise Sorcery::InvalidCredentials
else
user
end
end

def reset_sorcery_session
reset_session # protect from session fixation attacks
end
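Review bot: `login!` in lib/sorcery/controller.rb has no doc comment, and its contract matters to callers: a failed login now surfaces as `Sorcery::InvalidCredentials`, which the application has to rescue itself (for example with `rescue_from`) or the request ends in an unhandled error instead of an authentication-failure response. I would add above the method `# Like #login, but raises Sorcery::InvalidCredentials instead of returning nil; callers must rescue it and render a generic failure response.` The guard `if user.nil?` also treats only nil as failure; `login`'s body lies outside this hunk, so if it can ever return `false`, `raise Sorcery::InvalidCredentials unless user` would be the safer check. `login!` takes no block, so any failure reason `login` might yield is not available to the caller; that keeps the error uniform across failure causes, but it is worth stating in the comment.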
33 changes: 33 additions & 0 deletions spec/controllers/controller_spec.rb
Expand Up @@ -85,6 +85,39 @@
end
end

describe '#login!' do
context 'when succeeds' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'secret') { |&block| block.call(user, nil) }
get :test_login_bang, params: { email: '[email protected]', password: 'secret' }
end

it 'assigns user to @user variable' do
expect(assigns[:user]).to eq user
end

it 'writes user id in session' do
expect(session[:user_id]).to eq user.id.to_s
end

it 'sets csrf token in session' do
expect(session[:_csrf_token]).not_to be_nil
end
end

context 'when fails' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'opensesame!').and_return(nil)
end

it 'raises Sorcery::InvalidCredentials exception' do
expect do
get :test_login_bang, params: { email: '[email protected]', password: 'opensesame!' }
end.to raise_error(Sorcery::InvalidCredentials)
end
end
end

describe '#logout' do
it 'clears the session' do
cookies[:remember_me_token] = nil
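Review bot: The 'when fails' context only checks that the exception is raised; it does not assert that no login state is left behind. Since `login!` is an authentication path, I would add an example that, after the `raise_error` expectation, also checks `expect(session[:user_id]).to be_nil`, so a regression that writes the session before raising is caught. The failure stub also uses `.and_return(nil)` without invoking the block, while the success stub yields `(user, nil)`; if the real `authenticate` reports failures through the block (not visible on this page), this case does not exercise that path. The enclosing describe block starts outside the hunk.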
5 changes: 5 additions & 0 deletions spec/rails_app/app/controllers/sorcery_controller.rb
Expand Up @@ -28,6 +28,11 @@ def test_login
head :ok
end

def test_login_bang
@user = login!(params[:email], params[:password])
head :ok
end

def test_auto_login
@user = User.first
auto_login(@user)
1 change: 1 addition & 0 deletions spec/rails_app/config/routes.rb
Expand Up @@ -3,6 +3,7 @@

controller :sorcery do
get :test_login
get :test_login_bang
get :test_logout
get :some_action
post :test_return_to
