Agile Web Development with Rails, Edition 5


15.3 Iteration J3: Limiting Access

56 (tests|runs), 153 assertions, 0 failures, 0 errors.
<0> was expected to be
>=
<1>.

Traceback:
  /home/rubys/git/awdwr/edition4/checkdepot.rb:38:in `assert_test_summary'
  /home/rubys/git/awdwr/edition4/checkdepot.rb:421:in `block in <class:DepotTest>'

require authorization before every access

edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_action :authorize
 
    # ...
 
  protected
 
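    # Default-deny: this filter runs before every action in every controller
    # unless a controller explicitly skips it. find_by returns nil when
    # session[:user_id] is missing or no longer matches a user, so the
    # request is redirected to the login page.
    def authorize
      unless User.find_by(id: session[:user_id])
        redirect_to login_url, notice: "Please log in"
      end
    end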
end

whitelist the sessions and store controllers

edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
  skip_before_action :authorize
  # ...
end
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
  skip_before_action :authorize
  # ...
end

whitelist cart operations

edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
  skip_before_action :authorize, only: [:create, :update, :destroy]
  # ...
  private
  # ...
 
    def invalid_cart
      logger.error "Attempt to access invalid cart #{params[:id]}"
      redirect_to store_index_url, notice: 'Invalid cart'
    end
end

whitelist line_item operations

edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
  skip_before_action :authorize, only: :create
  # ...
end

whitelist order operations

edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
  skip_before_action :authorize, only: [:new, :create]
  # ...
end
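
An added example (not part of the book's code): a small audit script that lists which actions skip the authorize filter and reports any that are not on a reviewed allowlist. The SOURCES excerpts are constructed from the edits above; ProductsController and the EXPECTED table are assumptions made for illustration.

```ruby
# Constructed sample input: excerpts mirroring the controller edits above.
# ProductsController is a hypothetical controller that keeps the default filter.
SOURCES = {
  "SessionsController"  => "skip_before_action :authorize",
  "StoreController"     => "skip_before_action :authorize",
  "CartsController"     => "skip_before_action :authorize, only: [:create, :update, :destroy]",
  "LineItemsController" => "skip_before_action :authorize, only: :create",
  "OrdersController"    => "skip_before_action :authorize, only: [:new, :create]",
  "ProductsController"  => "before_action :set_product, only: [:show, :edit]"
}.freeze

# Reviewed allowlist (an assumption for this example): actions meant to be public.
EXPECTED = {
  "SessionsController"  => :all,
  "StoreController"     => :all,
  "CartsController"     => %i[create update destroy],
  "LineItemsController" => %i[create],
  "OrdersController"    => %i[new create]
}.freeze

SKIP = /^\s*skip_before_action\s+:authorize\b(?<opts>.*)$/

# Returns :all, an array of action symbols, or [] when the filter is never skipped.
def public_actions(source)
  exposed = []
  source.each_line do |line|
    m = SKIP.match(line)
    next unless m
    only = m[:opts][/\bonly:\s*(\[[^\]]*\]|:\w+)/, 1]
    # No only: clause (including an except: clause) is reported as :all,
    # the conservative reading for an audit.
    return :all unless only
    exposed.concat(only.scan(/:(\w+)/).flatten.map(&:to_sym))
  end
  exposed.uniq
end

# Returns { controller => actions } for every exposure beyond the allowlist.
def unexpected_exposure(sources, expected)
  sources.each_with_object({}) do |(name, src), drift|
    allowed = expected.fetch(name, [])
    next if allowed == :all
    actual = public_actions(src)
    extra = actual == :all ? :all : actual - allowed
    drift[name] = extra unless extra == []
  end
end

p unexpected_exposure(SOURCES, EXPECTED)
```

Against a real application the same functions can be fed the contents of each file under app/controllers, so a newly added skip shows up as drift in review or CI.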

Cause all tests to do an implicit login

edit test/test_helper.rb
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
 
class ActiveSupport::TestCase
  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
  fixtures :all
 
  # Add more helper methods to be used by all tests here...
end
class ActionDispatch::IntegrationTest
  def login_as(user)
    post login_url, params: { name: user.name, password: 'secret' }
  end
 
  def logout
    delete logout_url
  end
 
  def setup
    login_as users(:one)
  end
end

Show that the tests now pass

rails test
Run options: --seed 43899
 
# Running:
 
...............................E
 
Error:
DslUserStoriesTest#test_two_people_buying:
NoMethodError: undefined method `split' for nil:NilClass
    app/models/order.rb:36:in `charge!'
    app/jobs/charge_order_job.rb:7:in `perform'
    app/controllers/orders_controller.rb:47:in `block in create'
    app/controllers/orders_controller.rb:41:in `create'
    test/integration/dsl_user_stories_test.rb:95:in `checks_out'
    test/integration/dsl_user_stories_test.rb:63:in `block in test_two_people_buying'
    test/integration/dsl_user_stories_test.rb:54:in `test_two_people_buying'
 
bin/rails test test/integration/dsl_user_stories_test.rb:53
 
........................
 
Finished in 4.593082s, 12.1922 runs/s, 31.1338 assertions/s.
 
56 runs, 143 assertions, 0 failures, 1 errors, 0 skips
