14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users
57 (tests|runs), 172 assertions, 0 failures, 0 errors. <0> expected to be >= <1>. Traceback: /home/rubys/git/awdwr/edition4/checkdepot.rb:36:in `assert_test_summary' /home/rubys/git/awdwr/edition4/checkdepot.rb:340:in `block in <class:DepotTest>'
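Require authorization before every access
edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  # Default deny: this filter runs before every action of every controller
  # that inherits from ApplicationController, unless a controller opts out
  # with skip_before_action.
  before_action :authorize
  # ...

  protected

  # Redirect to the login page unless the session refers to an existing user.
  def authorize
    unless User.find_by(id: session[:user_id])
      redirect_to login_url, notice: "Please log in"
    end
  end
end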
Whitelist the sessions and store controllers
edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
  skip_before_action :authorize
  # ...
end
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
  skip_before_action :authorize
  # ...
end
Whitelist cart operations
edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
  skip_before_action :authorize, only: [:create, :update, :destroy]
  # ...

  private
  # ...

  def invalid_cart
    logger.error "Attempt to access invalid cart #{params[:id]}"
    redirect_to store_url, notice: 'Invalid cart'
  end
end
Whitelist line_item operations
edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
  skip_before_action :authorize, only: :create
  # ...
end
Whitelist order operations
edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
  skip_before_action :authorize, only: [:new, :create]
  # ...
end
Cause all tests to do an implicit login
edit test/test_helper.rb
class ActiveSupport::TestCase
  # ...
  # Add more helper methods to be used by all tests here...
  def login_as(user)
    session[:user_id] = users(user).id
  end

  def logout
    session.delete :user_id
  end

  def setup
    login_as :one if defined? session
  end
end
Show that the tests now pass
rake test
Run options: --seed 21689
# Running:
...F...............................FF....................
Finished in 1.318629s, 43.2267 runs/s, 126.6467 assertions/s.
1) Failure:
UserStoriesTest#test_buying_a_product [/home/rubys/git/awdwr/edition4/work-42/depot/test/integration/user_stories_test.rb:69]:
Expected: "Sam Ruby <depot@example.com>"
Actual: "from@example.com"
2) Failure:
OrderNotifierTest#test_received [/home/rubys/git/awdwr/edition4/work-42/depot/test/mailers/order_notifier_test.rb:9]:
Expected: ["depot@example.com"]
Actual: ["from@example.com"]
3) Failure:
OrderNotifierTest#test_shipped [/home/rubys/git/awdwr/edition4/work-42/depot/test/mailers/order_notifier_test.rb:19]:
Expected: ["depot@example.com"]
Actual: ["from@example.com"]
57 runs, 167 assertions, 3 failures, 0 errors, 0 skips