Merge pull request #171 from kufu/fixes/redirect_login_page_when_sess…

…ion_lose Redirect to profile page if user not logged in when login required
kufu · May 8, 2024 · db0b36f · db0b36f
2 parents f586d47 + 2acbd16
commit db0b36f
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 10 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -50,6 +50,13 @@ def set_default_event
     request.path_parameters[:event_name] = @event.name
   end
 
+  def make_sure_user_logged_in
+    return if @user&.profile
+
+    session[:breakout_turbo] = true
+    redirect_to profile_path, flash: { error: I18n.t('errors.login_required') }
+  end
+
   def create_and_set_user
     @user = User.create!
     session[:user_id] = @user.id

diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
@@ -3,6 +3,7 @@
 class MembersController < ApplicationController
   class NoPermissionError < StandardError; end
 
+  before_action :make_sure_user_logged_in
   before_action :set_team
   before_action :set_team_profile, except: :create
   before_action :define_error_variable

diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
@@ -3,6 +3,7 @@
 class TeamsController < ApplicationController
   class InvalidStateError < StandardError; end
 
+  before_action :make_sure_user_logged_in
   before_action :set_team, only: %i[show edit update destroy]
   before_action :check_user_belongs_to_team, only: %i[show update destroy]
 

diff --git a/app/controllers/triggers_controller.rb b/app/controllers/triggers_controller.rb
@@ -2,20 +2,12 @@
 
 class TriggersController < ApplicationController
   prepend_before_action :set_default_event
-  before_action :make_sure_user_has_profile
+  before_action :make_sure_user_logged_in
 
   def show
     trigger = Trigger.find(params[:id])
     trigger.perform(@user.profile, params[:key])
 
     redirect_to profile_path
   end
-
-  private
-
-  def make_sure_user_has_profile
-    return if @user&.profile
-
-    redirect_to profile_path, flash: { error: I18n.t('errors.login_required') }
-  end
 end
diff --git a/test/controllers/teams_controller_test.rb b/test/controllers/teams_controller_test.rb
@@ -7,11 +7,19 @@ class TeamsControllerTest < ActionDispatch::IntegrationTest
     @team = teams(:alpha)
   end
 
-  test 'should get new' do
+  test 'should get new with session' do
+    omniauth_callback_uid(1234) # profile_one
+    get '/auth/github/callback'
+
     get new_team_url
     assert_response :success
   end
 
+  test 'should not get new without session' do
+    get new_team_url
+    assert_redirected_to profile_path
+  end
+
   test 'should create team and creator profile has admin role' do
     team_profiles(:team_profile1).destroy
 
@@ -38,6 +46,14 @@ class TeamsControllerTest < ActionDispatch::IntegrationTest
     assert_response :forbidden
   end
 
+  test 'should not create team and redirect to profile if no session' do
+    assert_no_changes -> { [Team.count, TeamProfile.count] } do
+      post teams_url, params: { team: { name: 'Charlie' } }
+    end
+
+    assert_redirected_to profile_path
+  end
+
   test 'should return new page when create with invalid param' do
     team_profiles(:team_profile1).destroy
 
@@ -76,6 +92,11 @@ class TeamsControllerTest < ActionDispatch::IntegrationTest
     assert_response :not_found
   end
 
+  test 'should not show team if no session' do
+    get team_url(@team)
+    assert_redirected_to profile_path
+  end
+
   test 'should update team' do
     omniauth_callback_uid(1234) # profile_one
     get '/auth/github/callback'
@@ -92,6 +113,11 @@ class TeamsControllerTest < ActionDispatch::IntegrationTest
     assert_response :forbidden
   end
 
+  test 'should not update team if no session' do
+    patch team_url(@team), params: { team: { name: 'Delta' } }
+    assert_redirected_to profile_path
+  end
+
   test 'should destroy team' do
     omniauth_callback_uid(1234) # profile_one
     get '/auth/github/callback'
@@ -113,4 +139,9 @@ class TeamsControllerTest < ActionDispatch::IntegrationTest
 
     assert_response :forbidden
   end
+
+  test 'should not destroy team if no session' do
+    delete team_url(@team)
+    assert_redirected_to profile_path
+  end
 end
diff --git a/test/controllers/triggers_controller_test.rb b/test/controllers/triggers_controller_test.rb
@@ -36,4 +36,12 @@ def setup
 
     assert_redirected_to profile_path
   end
+
+  test 'no triggered if no session' do
+    assert_no_difference -> { ProfileTrophy.count } do
+      get trigger_path(@trigger, key: 'testkey')
+    end
+
+    assert_redirected_to profile_path
+  end
 end