# Offense count: 8
Rails/OutputSafety:
Exclude:
+ - 'app/controllers/sessions_controller.rb'
- 'app/controllers/users_controller.rb'
- 'app/helpers/application_helper.rb'
- 'lib/rich_text.rb'
can [:index, :rss, :show, :comments], DiaryEntry
can [:index], Note
can [:index, :show], Redaction
+ can [:new, :create, :destroy], :session
can [:index, :show, :data, :georss, :picture, :icon], Trace
- can [:terms, :login, :logout, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User
+ can [:terms, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User
can [:index, :show, :blocks_on, :blocks_by], UserBlock
can [:index, :show], Node
can [:index, :show, :full, :ways_for_node], Way
--- /dev/null
+module SessionMethods
+ extend ActiveSupport::Concern
+
+ private
+
+ ##
+ # return the URL to use for authentication
+ def auth_url(provider, uid, referer = nil)
+ params = { :provider => provider }
+
+ params[:openid_url] = openid_expand_url(uid) if provider == "openid"
+
+ if referer.nil?
+ params[:origin] = request.path
+ else
+ params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
+ params[:referer] = referer
+ end
+
+ auth_path(params)
+ end
+
+ ##
+ # special case some common OpenID providers by applying heuristics to
+ # try and come up with the correct URL based on what the user entered
+ def openid_expand_url(openid_url)
+ if openid_url.nil?
+ nil
+ elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
+ # Special case gmail.com as it is potentially a popular OpenID
+ # provider and, unlike yahoo.com, where it works automatically, Google
+ # have hidden their OpenID endpoint somewhere obscure this making it
+ # somewhat less user friendly.
+ "https://www.google.com/accounts/o8/id"
+ else
+ openid_url
+ end
+ end
+
+ ##
+ # process a successful login
+ def successful_login(user, referer = nil)
+ session[:user] = user.id
+ session[:fingerprint] = user.fingerprint
+ session_expires_after 28.days if session[:remember_me]
+
+ target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
+
+ # The user is logged in, so decide where to send them:
+ #
+ # - If they haven't seen the contributor terms, send them there.
+ # - If they have a block on them, show them that.
+ # - If they were referred to the login, send them back there.
+ # - Otherwise, send them to the home page.
+ if !user.terms_seen
+ redirect_to :controller => :users, :action => :terms, :referer => target
+ elsif user.blocked_on_view
+ redirect_to user.blocked_on_view, :referer => target
+ else
+ redirect_to target
+ end
+
+ session.delete(:remember_me)
+ session.delete(:referer)
+ end
+
+ ##
+ # process a failed login
+ def failed_login(message, username = nil)
+ flash[:error] = message
+
+ redirect_to :action => "new", :referer => session[:referer],
+ :username => username, :remember_me => session[:remember_me]
+
+ session.delete(:remember_me)
+ session.delete(:referer)
+ end
+
+ ##
+ #
+ def unconfirmed_login(user)
+ session[:token] = user.tokens.create.token
+
+ redirect_to :controller => "users", :action => "confirm", :display_name => user.display_name
+
+ session.delete(:remember_me)
+ session.delete(:referer)
+ end
+
+ ##
+ #
+ def disable_terms_redirect
+ # this is necessary otherwise going to the user terms page, when
+ # having not agreed already would cause an infinite redirect loop.
+ # it's .now so that this doesn't propagate to other pages.
+ flash.now[:skip_terms] = true
+ end
+end
--- /dev/null
+class SessionsController < ApplicationController
+ include SessionMethods
+
+ layout "site"
+
+ before_action :disable_terms_redirect, :only => [:destroy]
+ before_action :require_cookies, :only => [:new]
+
+ authorize_resource :class => false
+
+ def new
+ append_content_security_policy_directives(
+ :form_action => %w[*]
+ )
+
+ session[:referer] = safe_referer(params[:referer]) if params[:referer]
+ end
+
+ def create
+ session[:remember_me] ||= params[:remember_me]
+ session[:referer] = safe_referer(params[:referer]) if params[:referer]
+ password_authentication(params[:username], params[:password])
+ end
+
+ def destroy
+ @title = t "sessions.destroy.title"
+
+ if request.post?
+ if session[:token]
+ token = UserToken.find_by(:token => session[:token])
+ token&.destroy
+ session.delete(:token)
+ end
+ session.delete(:user)
+ session_expires_automatically
+ if params[:referer]
+ redirect_to safe_referer(params[:referer])
+ else
+ redirect_to :controller => "site", :action => "index"
+ end
+ end
+ end
+
+ private
+
+ ##
+ # handle password authentication
+ def password_authentication(username, password)
+ if (user = User.authenticate(:username => username, :password => password))
+ successful_login(user)
+ elsif (user = User.authenticate(:username => username, :password => password, :pending => true))
+ unconfirmed_login(user)
+ elsif User.authenticate(:username => username, :password => password, :suspended => true)
+ failed_login t("sessions.new.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username
+ else
+ failed_login t("sessions.new.auth failure"), username
+ end
+ end
+end
class UsersController < ApplicationController
+ include SessionMethods
+
layout "site"
skip_before_action :verify_authenticity_token, :only => [:auth_success]
- before_action :disable_terms_redirect, :only => [:terms, :save, :logout]
+ before_action :disable_terms_redirect, :only => [:terms, :save]
before_action :authorize_web
before_action :set_locale
before_action :check_database_readable
before_action :require_self, :only => [:account]
before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public]
- before_action :require_cookies, :only => [:new, :login, :confirm]
+ before_action :require_cookies, :only => [:new, :confirm]
before_action :lookup_user_by_name, :only => [:set_status, :destroy]
before_action :allow_thirdparty_images, :only => [:show, :account]
end
end
- def login
- append_content_security_policy_directives(
- :form_action => %w[*]
- )
-
- session[:referer] = safe_referer(params[:referer]) if params[:referer]
-
- if request.post?
- session[:remember_me] ||= params[:remember_me]
- password_authentication(params[:username], params[:password])
- end
- end
-
- def logout
- @title = t "users.logout.title"
-
- if request.post?
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- token&.destroy
- session.delete(:token)
- end
- session.delete(:user)
- session_expires_automatically
- if params[:referer]
- redirect_to safe_referer(params[:referer])
- else
- redirect_to :controller => "site", :action => "index"
- end
- end
- end
-
def confirm
if request.post?
token = UserToken.find_by(:token => params[:confirm_string])
private
- ##
- # handle password authentication
- def password_authentication(username, password)
- if user = User.authenticate(:username => username, :password => password)
- successful_login(user)
- elsif user = User.authenticate(:username => username, :password => password, :pending => true)
- unconfirmed_login(user)
- elsif User.authenticate(:username => username, :password => password, :suspended => true)
- failed_login t("users.login.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username
- else
- failed_login t("users.login.auth failure"), username
- end
- end
-
- ##
- # return the URL to use for authentication
- def auth_url(provider, uid, referer = nil)
- params = { :provider => provider }
-
- params[:openid_url] = openid_expand_url(uid) if provider == "openid"
-
- if referer.nil?
- params[:origin] = request.path
- else
- params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
- params[:referer] = referer
- end
-
- auth_path(params)
- end
-
- ##
- # special case some common OpenID providers by applying heuristics to
- # try and come up with the correct URL based on what the user entered
- def openid_expand_url(openid_url)
- if openid_url.nil?
- nil
- elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
- # Special case gmail.com as it is potentially a popular OpenID
- # provider and, unlike yahoo.com, where it works automatically, Google
- # have hidden their OpenID endpoint somewhere obscure this making it
- # somewhat less user friendly.
- "https://www.google.com/accounts/o8/id"
- else
- openid_url
- end
- end
-
- ##
- # process a successful login
- def successful_login(user, referer = nil)
- session[:user] = user.id
- session[:fingerprint] = user.fingerprint
- session_expires_after 28.days if session[:remember_me]
-
- target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
-
- # The user is logged in, so decide where to send them:
- #
- # - If they haven't seen the contributor terms, send them there.
- # - If they have a block on them, show them that.
- # - If they were referred to the login, send them back there.
- # - Otherwise, send them to the home page.
- if !user.terms_seen
- redirect_to :action => :terms, :referer => target
- elsif user.blocked_on_view
- redirect_to user.blocked_on_view, :referer => target
- else
- redirect_to target
- end
-
- session.delete(:remember_me)
- session.delete(:referer)
- end
-
- ##
- # process a failed login
- def failed_login(message, username = nil)
- flash[:error] = message
-
- redirect_to :action => "login", :referer => session[:referer],
- :username => username, :remember_me => session[:remember_me]
-
- session.delete(:remember_me)
- session.delete(:referer)
- end
-
##
#
def unconfirmed_login(user)
redirect_to :action => "view", :display_name => params[:display_name] unless @user
end
- ##
- #
- def disable_terms_redirect
- # this is necessary otherwise going to the user terms page, when
- # having not agreed already would cause an infinite redirect loop.
- # it's .now so that this doesn't propagate to other pages.
- flash.now[:skip_terms] = true
- end
-
##
# return permitted user parameters
def user_params
# External authentication support
def openid_logo
- image_tag "openid_small.png", :alt => t("users.login.openid_logo_alt"), :class => "openid_logo"
+ image_tag "openid_small.png", :alt => t("sessions.new.openid_logo_alt"), :class => "openid_logo"
end
def auth_button(name, provider, options = {})
link_to(
- image_tag("#{name}.svg", :alt => t("users.login.auth_providers.#{name}.alt"), :class => "rounded-lg"),
+ image_tag("#{name}.svg", :alt => t("sessions.new.auth_providers.#{name}.alt"), :class => "rounded-lg"),
auth_path(options.merge(:provider => provider)),
:method => :post,
:class => "auth_button",
- :title => t("users.login.auth_providers.#{name}.title")
+ :title => t("sessions.new.auth_providers.#{name}.title")
)
end
as_unread: "Message marked as unread"
destroy:
destroyed: "Message deleted"
+ sessions:
+ new:
+ title: "Login"
+ heading: "Login"
+ email or username: "Email Address or Username:"
+ password: "Password:"
+ openid_html: "%{logo} OpenID:"
+ remember: "Remember me"
+ lost password link: "Lost your password?"
+ login_button: "Login"
+ register now: Register now
+ with username: "Already have an OpenStreetMap account? Please login with your username and password:"
+ with external: "Alternatively, use a third party to login:"
+ new to osm: New to OpenStreetMap?
+ to make changes: To make changes to the OpenStreetMap data, you must have an account.
+ create account minute: Create an account. It only takes a minute.
+ no account: Don't have an account?
+ account not active: "Sorry, your account is not active yet.<br />Please use the link in the account confirmation email to activate your account, or <a href=\"%{reconfirm}\">request a new confirmation email</a>."
+ account is suspended: Sorry, your account has been suspended due to suspicious activity.<br />Please contact the <a href="%{webmaster}">webmaster</a> if you wish to discuss this.
+ auth failure: "Sorry, could not log in with those details."
+ openid_logo_alt: "Log in with an OpenID"
+ auth_providers:
+ openid:
+ title: Login with OpenID
+ alt: Login with an OpenID URL
+ google:
+ title: Login with Google
+ alt: Login with a Google OpenID
+ facebook:
+ title: Login with Facebook
+ alt: Login with a Facebook Account
+ windowslive:
+ title: Login with Windows Live
+ alt: Login with a Windows Live Account
+ github:
+ title: Login with GitHub
+ alt: Login with a GitHub Account
+ wikipedia:
+ title: Login with Wikipedia
+ alt: Login with a Wikipedia Account
+ yahoo:
+ title: Login with Yahoo
+ alt: Login with a Yahoo OpenID
+ wordpress:
+ title: Login with Wordpress
+ alt: Login with a Wordpress OpenID
+ aol:
+ title: Login with AOL
+ alt: Login with an AOL OpenID
+ destroy:
+ title: "Logout"
+ heading: "Logout from OpenStreetMap"
+ logout_button: "Logout"
shared:
markdown_help:
title_html: Parsed with <a href="https://kramdown.gettalong.org/quickref.html">kramdown</a>
destroy:
flash: "Destroyed the client application registration"
users:
- login:
- title: "Login"
- heading: "Login"
- email or username: "Email Address or Username:"
- password: "Password:"
- openid_html: "%{logo} OpenID:"
- remember: "Remember me"
- lost password link: "Lost your password?"
- login_button: "Login"
- register now: Register now
- with username: "Already have an OpenStreetMap account? Please login with your username and password:"
- with external: "Alternatively, use a third party to login:"
- new to osm: New to OpenStreetMap?
- to make changes: To make changes to the OpenStreetMap data, you must have an account.
- create account minute: Create an account. It only takes a minute.
- no account: Don't have an account?
- account not active: "Sorry, your account is not active yet.<br />Please use the link in the account confirmation email to activate your account, or <a href=\"%{reconfirm}\">request a new confirmation email</a>."
- account is suspended: Sorry, your account has been suspended due to suspicious activity.<br />Please contact the <a href="%{webmaster}">webmaster</a> if you wish to discuss this.
- auth failure: "Sorry, could not log in with those details."
- openid_logo_alt: "Log in with an OpenID"
- auth_providers:
- openid:
- title: Login with OpenID
- alt: Login with an OpenID URL
- google:
- title: Login with Google
- alt: Login with a Google OpenID
- facebook:
- title: Login with Facebook
- alt: Login with a Facebook Account
- windowslive:
- title: Login with Windows Live
- alt: Login with a Windows Live Account
- github:
- title: Login with GitHub
- alt: Login with a GitHub Account
- wikipedia:
- title: Login with Wikipedia
- alt: Login with a Wikipedia Account
- yahoo:
- title: Login with Yahoo
- alt: Login with a Yahoo OpenID
- wordpress:
- title: Login with Wordpress
- alt: Login with a Wordpress OpenID
- aol:
- title: Login with AOL
- alt: Login with an AOL OpenID
- logout:
- title: "Logout"
- heading: "Logout from OpenStreetMap"
- logout_button: "Logout"
lost_password:
title: "Lost password"
heading: "Forgotten Password?"
get "/history/feed" => "changesets#feed", :defaults => { :format => :atom }
get "/history/comments/feed" => "changeset_comments#index", :as => :changesets_comments_feed, :defaults => { :format => "rss" }
get "/export" => "site#export"
- match "/login" => "users#login", :via => [:get, :post]
- match "/logout" => "users#logout", :via => [:get, :post]
+ get "/login" => "sessions#new"
+ post "/login" => "sessions#create"
+ match "/logout" => "sessions#destroy", :via => [:get, :post]
get "/offline" => "site#offline"
get "/key" => "site#key"
get "/id" => "site#id"
--- /dev/null
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+ ##
+ # test all routes which lead to this controller
+ def test_routes
+ assert_routing(
+ { :path => "/login", :method => :get },
+ { :controller => "sessions", :action => "new" }
+ )
+ assert_routing(
+ { :path => "/login", :method => :post },
+ { :controller => "sessions", :action => "create" }
+ )
+ assert_recognizes(
+ { :controller => "sessions", :action => "new", :format => "html" },
+ { :path => "/login.html", :method => :get }
+ )
+
+ assert_routing(
+ { :path => "/logout", :method => :get },
+ { :controller => "sessions", :action => "destroy" }
+ )
+ assert_routing(
+ { :path => "/logout", :method => :post },
+ { :controller => "sessions", :action => "destroy" }
+ )
+ assert_recognizes(
+ { :controller => "sessions", :action => "destroy", :format => "html" },
+ { :path => "/logout.html", :method => :get }
+ )
+ end
+
+ def test_login
+ user = create(:user)
+
+ get login_path
+ assert_response :redirect
+ assert_redirected_to login_path(:cookie_test => true)
+ follow_redirect!
+ assert_response :success
+ assert_template "sessions/new"
+
+ get login_path, :params => { :username => user.display_name, :password => "test" }
+ assert_response :success
+ assert_template "sessions/new"
+
+ post login_path, :params => { :username => user.display_name, :password => "test" }
+ assert_response :redirect
+ assert_redirected_to root_path
+ end
+
+ def test_logout_without_referer
+ post logout_path
+ assert_response :redirect
+ assert_redirected_to root_path
+ end
+
+ def test_logout_with_referer
+ post logout_path, :params => { :referer => "/test" }
+ assert_response :redirect
+ assert_redirected_to "/test"
+ end
+
+ def test_logout_fallback_without_referer
+ get logout_path
+ assert_response :success
+ assert_template "sessions/destroy"
+ assert_select "input[name=referer]:not([value])"
+ end
+
+ def test_logout_fallback_with_referer
+ get logout_path, :params => { :referer => "/test" }
+ assert_response :success
+ assert_template "sessions/destroy"
+ assert_select "input[name=referer][value=?]", "/test"
+ end
+
+ def test_logout_removes_session_token
+ user = build(:user, :pending)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+
+ assert_difference "User.find_by(:email => user.email).tokens.count", -1 do
+ post logout_path
+ end
+ assert_response :redirect
+ assert_redirected_to root_path
+ end
+end
##
# test all routes which lead to this controller
def test_routes
- assert_routing(
- { :path => "/login", :method => :get },
- { :controller => "users", :action => "login" }
- )
- assert_routing(
- { :path => "/login", :method => :post },
- { :controller => "users", :action => "login" }
- )
- assert_recognizes(
- { :controller => "users", :action => "login", :format => "html" },
- { :path => "/login.html", :method => :get }
- )
-
- assert_routing(
- { :path => "/logout", :method => :get },
- { :controller => "users", :action => "logout" }
- )
- assert_routing(
- { :path => "/logout", :method => :post },
- { :controller => "users", :action => "logout" }
- )
- assert_recognizes(
- { :controller => "users", :action => "logout", :format => "html" },
- { :path => "/logout.html", :method => :get }
- )
-
assert_routing(
{ :path => "/user/new", :method => :get },
{ :controller => "users", :action => "new" }
ActionMailer::Base.deliveries.clear
end
- def test_login
- user = create(:user)
-
- get login_path
- assert_response :redirect
- assert_redirected_to login_path(:cookie_test => true)
- follow_redirect!
- assert_response :success
- assert_template "login"
-
- get login_path, :params => { :username => user.display_name, :password => "test" }
- assert_response :success
- assert_template "login"
-
- post login_path, :params => { :username => user.display_name, :password => "test" }
- assert_response :redirect
- assert_redirected_to root_path
- end
-
- def test_logout_without_referer
- post logout_path
- assert_response :redirect
- assert_redirected_to root_path
- end
-
- def test_logout_with_referer
- post logout_path, :params => { :referer => "/test" }
- assert_response :redirect
- assert_redirected_to "/test"
- end
-
- def test_logout_fallback_without_referer
- get logout_path
- assert_response :success
- assert_template :logout
- assert_select "input[name=referer]:not([value])"
- end
-
- def test_logout_fallback_with_referer
- get logout_path, :params => { :referer => "/test" }
- assert_response :success
- assert_template :logout
- assert_select "input[name=referer][value=?]", "/test"
- end
-
- def test_logout_removes_session_token
- user = build(:user, :pending)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
-
- assert_difference "User.find_by(:email => user.email).tokens.count", -1 do
- post logout_path
- end
- assert_response :redirect
- assert_redirected_to root_path
- end
-
def test_confirm_get
user = build(:user, :pending)
post user_new_path, :params => { :user => user.attributes }
follow_redirect!
# We should now be at the login page
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
# We can now login
post "/login", :params => { "username" => user.email, "password" => "test" }
assert_response :redirect
follow_redirect!
# We should now be at the login page
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
# We can now login
post "/login", :params => { "username" => user.email, "password" => "test", :referer => "/diary/new" }
assert_response :redirect
try_password_login user.email.titlecase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
end
try_password_login user.email, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
try_password_login user.email.upcase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
try_password_login user.email.titlecase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
try_password_login user.display_name.downcase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
end
try_password_login user.display_name, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
try_password_login user.display_name.upcase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
try_password_login user.display_name.downcase, "test"
- assert_template "login"
+ assert_template "sessions/new"
assert_select "span.username", false
assert_select "div.flash.error", /your account has been suspended/ do
assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Connection to authentication provider failed"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "div.flash.error", "Invalid authentication credentials"
assert_select "span.username", false
end
assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
assert_redirected_to login_path(:cookie_test => true)
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "input#username", 1 do
assert_select "[value]", false
end
assert_response :redirect
follow_redirect!
assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
assert_select "input#username", 1 do
assert_select "[value=?]", username
end
get "/login"
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
assert_response :redirect
# but now we need to look at the terms
get "/login"
follow_redirect!
assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
assert_response :redirect
# but now we need to look at the terms
def test_view_issues_not_logged_in
visit issues_path
- assert page.has_content?(I18n.t("users.login.title"))
+ assert page.has_content?(I18n.t("sessions.new.title"))
end
def test_view_issues_normal_user