github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-02-19 02:44:31 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1befcb58828b0df46aba985be20e88fc3c46c0db
devise/test/controllers/sessions_controller_test.rb
Adan Amarillas 9a149ff139 Return 401 for sessions#destroy action with no user signed in (#4878) 
It's an unauthenticated request, so return 401 Unauthorized like most
other similar requests.

Signed-off-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
2025-12-31 13:56:01 -03:00

103 lines
3.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'test_helper'
class SessionsControllerTest < Devise::ControllerTestCase
tests Devise::SessionsController
include Devise::Test::ControllerHelpers
test "#create doesn't raise unpermitted params when sign in fails" do
begin
subscriber = ActiveSupport::Notifications.subscribe %r{unpermitted_parameters} do |name, start, finish, id, payload|
flunk "Unpermitted params: #{payload}"
end
request.env["devise.mapping"] = Devise.mappings[:user]
request.session["user_return_to"] = 'foo.bar'
create_user
post :create, params: { user: {
email: "wrong@email.com",
password: "wrongpassword"
}
}
assert_equal 200, @response.status
ensure
ActiveSupport::Notifications.unsubscribe(subscriber)
end
end
test "#create works even with scoped views" do
swap Devise, scoped_views: true do
request.env["devise.mapping"] = Devise.mappings[:user]
post :create
assert_equal 200, @response.status
assert_template "users/sessions/new"
end
end
test "#create delete the url stored in the session if the requested format is navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
request.session["user_return_to"] = 'foo.bar'
user = create_user
user.confirm
post :create, params: { user: {
email: user.email,
password: user.password
}
}
assert_nil request.session["user_return_to"]
end
test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
request.session["user_return_to"] = 'foo.bar'
user = create_user
user.confirm
post :create, params: { format: 'json', user: {
email: user.email,
password: user.password
}
}
assert_equal 'foo.bar', request.session["user_return_to"]
end
test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
request.env["devise.mapping"] = Devise.mappings[:user]
post :create, params: { user: {
email: "nosuchuser@example.com",
password: "wevdude"
}
}
assert_equal 200, @response.status
assert_template "devise/sessions/new"
end
test "#destroy doesn't set the flash and returns 204 status if the requested format is not navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
user = create_user
user.confirm
post :create, params: { format: 'json', user: {
email: user.email,
password: user.password
}
}
delete :destroy, format: 'json'
assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
assert_equal 204, @response.status
end
test "#destroy returns 401 status if user is not signed in and the requested format is not navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
delete :destroy, format: 'json'
assert_equal 401, @response.status
end
test "#destroy returns 302 status if user is not signed in and the requested format is navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
delete :destroy
assert_equal 302, @response.status
end
end
Reference in New Issue View Git Blame Copy Permalink