Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement #login! helper #332

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Changelog
## HEAD

* Add a `#login!` helper that raises an exception if the login fails [#332](https://github.com/Sorcery/sorcery/pull/322)
* Raise ArgumentError when calling change_password! with blank password [#333](https://github.com/Sorcery/sorcery/pull/333)

## 0.16.4
Expand Down
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ explaining and the rest are commented:
```ruby
require_login # This is a before action
login(email, password, remember_me = false)
login!(email, password, remember_me = false) # Raises a `Sorcery::Errors::InvalidCredentials` exception on failure
auto_login(user) # Login without credentials
logout
logged_in? # Available in views
Expand Down
12 changes: 12 additions & 0 deletions lib/errors.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# frozen_string_literal: true

module Sorcery
##
# Custom error class for rescuing from all Sorcery errors.
#
class Error < StandardError; end

module Errors
class InvalidCredentials < Sorcery::Error; end
end
end
1 change: 1 addition & 0 deletions lib/sorcery.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
require 'sorcery/version'
require 'errors'

module Sorcery
require 'sorcery/model'
Expand Down
8 changes: 8 additions & 0 deletions lib/sorcery/controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,14 @@ def login(*credentials)
end
end

def login!(*credentials, &block)
user = login(*credentials, &block)

raise Sorcery::Errors::InvalidCredentials if user.nil?

user
end

def reset_sorcery_session
reset_session # protect from session fixation attacks
end
Expand Down
66 changes: 66 additions & 0 deletions spec/controllers/controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,72 @@
end
end

describe '#login!' do
context 'when succeeds' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'secret') { |&block| block.call(user, nil) }
joshbuker marked this conversation as resolved.
Show resolved Hide resolved
get :test_login_bang, params: { email: '[email protected]', password: 'secret' }
end

it 'assigns user to @user variable' do
expect(assigns[:user]).to eq user
end

it 'writes user id in session' do
expect(session[:user_id]).to eq user.id.to_s
end

it 'sets csrf token in session' do
expect(session[:_csrf_token]).not_to be_nil
end
end

context 'when fails' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'opensesame!').and_return(nil)
end

it 'raises InvalidCredentials exception' do
expect do
get :test_login_bang, params: { email: '[email protected]', password: 'opensesame!' }
end.to raise_error(Sorcery::Errors::InvalidCredentials)
end
end
end

describe '#login! with block' do
context 'when succeeds' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'secret') { |&block| block.call(user, nil) }
get :test_login_bang_with_block, params: { email: '[email protected]', password: 'secret' }
end

it 'writes user id in session' do
expect(session[:user_id]).to eq user.id.to_s
end

it 'sets csrf token in session' do
expect(session[:_csrf_token]).not_to be_nil
end

it 'redirects to root' do
expect(response).to redirect_to(root_url)
end
end

context 'when fails' do
before do
expect(User).to receive(:authenticate).with('[email protected]', 'opensesame!').and_return(nil)
end

it 'raises InvalidCredentials exception' do
expect do
get :test_login_bang_with_block, params: { email: '[email protected]', password: 'opensesame!' }
end.to raise_error(Sorcery::Errors::InvalidCredentials)
end
end
end

describe '#logout' do
it 'clears the session' do
cookies[:remember_me_token] = nil
Expand Down
23 changes: 23 additions & 0 deletions spec/rails_app/app/controllers/sorcery_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,29 @@ def test_login
head :ok
end

def test_login_bang
@user = login!(params[:email], params[:password])
head :ok
end

def test_login_bang_with_block
@user = login!(params[:email], params[:password]) do |user, failure|
if user && !failure
redirect_to :root
else
case failure
when :invalid_login
flash.now[:alert] = 'Wrong login provided.'
when :invalid_password
flash.now[:alert] = 'Wrong password provided.'
when :inactive
flash.now[:alert] = 'Your have not yet activated your account.'
end
render action: 'new'
end
end
end

def test_auto_login
@user = User.first
auto_login(@user)
Expand Down
2 changes: 2 additions & 0 deletions spec/rails_app/config/routes.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@

controller :sorcery do
get :test_login
get :test_login_bang
get :test_login_bang_with_block
get :test_logout
get :some_action
post :test_return_to
Expand Down