14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users
57 (tests|runs), 172 assertions, 0 failures, 0 errors. <0> expected to be >= <1>. Traceback: /home/rubys/git/awdwr/edition4/checkdepot.rb:36:in `assert_test_summary' /home/rubys/git/awdwr/edition4/checkdepot.rb:340:in `block in <class:DepotTest>'
require authorization before every access
edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
before_action :authorize
# ...
protected
def authorize
unless User.find_by(id: session[:user_id])
redirect_to login_url, notice: "Please log in"
end
end
end
whitelist the sessions and store controllers
edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
skip_before_action :authorize
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
skip_before_action :authorize
whitelist cart operations
edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
skip_before_action :authorize, only: [:create, :update, :destroy]
# ...
private
# ...
def invalid_cart
logger.error "Attempt to access invalid cart #{params[:id]}"
redirect_to store_url, notice: 'Invalid cart'
end
end
whitelist line_item operations
edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
skip_before_action :authorize, only: :create
whitelist order operations
edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
skip_before_action :authorize, only: [:new, :create]
Cause all tests to do an implicit login
edit test/test_helper.rb
class ActiveSupport::TestCase
# ...
# Add more helper methods to be used by all tests here...
def login_as(user)
session[:user_id] = users(user).id
end
def logout
session.delete :user_id
end
def setup
login_as :one if defined? session
end
end
Show that the now pass
rake test
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from rescue in <class:Exception> at /home/rubys/.rvm/gems/ruby-head-n50123/gems/web-console-2.1.2/lib/web_console/integration/cruby.rb:37)
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from block in <top (required)> at /home/rubys/.rvm/gems/ruby-head-n50123/gems/web-console-2.1.2/lib/web_console/extensions.rb:18)
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from included at /home/rubys/.rvm/gems/ruby-head-n50123/gems/turbolinks-2.5.3/lib/turbolinks/xhr_url_for.rb:7)
rake aborted!
SyntaxError: /home/rubys/git/awdwr/edition4/work-220/depot/test/controllers/line_items_controller_test.rb:23: syntax error, unexpected keyword_end, expecting '}'
/home/rubys/git/awdwr/edition4/work-220/depot/test/controllers/line_items_controller_test.rb:68: syntax error, unexpected end-of-input, expecting keyword_end
/home/rubys/git/rails/activesupport/lib/active_support/dependencies.rb:274:in `require'
/home/rubys/git/rails/activesupport/lib/active_support/dependencies.rb:274:in `block in require'
/home/rubys/git/rails/activesupport/lib/active_support/dependencies.rb:240:in `load_dependency'
/home/rubys/git/rails/activesupport/lib/active_support/dependencies.rb:274:in `require'
/home/rubys/git/rails/railties/lib/rails/test_unit/runner.rb:118:in `block in run_tests'
/home/rubys/git/rails/railties/lib/rails/test_unit/runner.rb:117:in `each'
/home/rubys/git/rails/railties/lib/rails/test_unit/runner.rb:117:in `run_tests'
/home/rubys/git/rails/railties/lib/rails/test_unit/runner.rb:88:in `run'
/home/rubys/git/rails/railties/lib/rails/test_unit/runner.rb:82:in `run'
/home/rubys/git/rails/railties/lib/rails/test_unit/testing.rake:9:in `block in <top (required)>'
Tasks: TOP => test
(See full trace by running task with --trace)
14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users