From f18baae22e4088af7f252c82f3c4a2576862a438 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 10 Mar 2021 14:15:14 +0000 Subject: [PATCH] Refactor login/logout into sessions controller Certain controller methods are shared with oauth-based logins, and these have been moved to a concern. --- .rubocop_todo.yml | 1 + app/abilities/ability.rb | 3 +- app/controllers/concerns/session_methods.rb | 98 +++++++++++++ app/controllers/sessions_controller.rb | 59 ++++++++ app/controllers/users_controller.rb | 134 +----------------- app/helpers/user_helper.rb | 6 +- .../destroy.html.erb} | 0 .../login.html.erb => sessions/new.html.erb} | 0 config/locales/en.yml | 105 +++++++------- config/routes.rb | 5 +- test/controllers/users_controller_test.rb | 20 +-- .../user_changeset_comments_test.rb | 2 +- test/integration/user_diaries_test.rb | 2 +- test/integration/user_login_test.rb | 94 ++++++------ test/integration/user_terms_seen_test.rb | 4 +- test/system/issues_test.rb | 2 +- 16 files changed, 285 insertions(+), 250 deletions(-) create mode 100644 app/controllers/concerns/session_methods.rb create mode 100644 app/controllers/sessions_controller.rb rename app/views/{users/logout.html.erb => sessions/destroy.html.erb} (100%) rename app/views/{users/login.html.erb => sessions/new.html.erb} (100%) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index cc90d168e..5833a6e35 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -155,6 +155,7 @@ Rails/NotNullColumn: # Offense count: 8 Rails/OutputSafety: Exclude: + - 'app/controllers/sessions_controller.rb' - 'app/controllers/users_controller.rb' - 'app/helpers/application_helper.rb' - 'lib/rich_text.rb' diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb index d91b7a2e7..b8aa82689 100644 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb 
@@ -19,8 +19,9 @@ class Ability can [:index, :rss, :show, :comments], DiaryEntry can [:index], Note can [:index, :show], Redaction + can [:new, :create, :destroy], :session can [:index, :show, :data, :georss, :picture, :icon], Trace - can [:terms, :login, :logout, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User + can [:terms, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User can [:index, :show, :blocks_on, :blocks_by], UserBlock can [:index, :show], Node can [:index, :show, :full, :ways_for_node], Way diff --git a/app/controllers/concerns/session_methods.rb b/app/controllers/concerns/session_methods.rb new file mode 100644 index 000000000..089a82ed4 --- /dev/null +++ b/app/controllers/concerns/session_methods.rb 
@@ -0,0 +1,98 @@ +module SessionMethods + extend ActiveSupport::Concern + + private + + ## + # return the URL to use for authentication + def auth_url(provider, uid, referer = nil) + params = { :provider => provider } + + params[:openid_url] = openid_expand_url(uid) if provider == "openid" + + if referer.nil? + params[:origin] = request.path + else + params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}" + params[:referer] = referer + end + + auth_path(params) + end + + ## + # special case some common OpenID providers by applying heuristics to + # try and come up with the correct URL based on what the user entered + def openid_expand_url(openid_url) + if openid_url.nil? + nil + elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$}) + # Special case gmail.com as it is potentially a popular OpenID + # provider and, unlike yahoo.com, where it works automatically, Google + # have hidden their OpenID endpoint somewhere obscure this making it + # somewhat less user friendly. + "https://www.google.com/accounts/o8/id" + else + openid_url + end + end + + ## + # process a successful login + def successful_login(user, referer = nil) + session[:user] = user.id + session[:fingerprint] = user.fingerprint + session_expires_after 28.days if session[:remember_me] + + target = referer || session[:referer] || url_for(:controller => :site, :action => :index) + + # The user is logged in, so decide where to send them: + # + # - If they haven't seen the contributor terms, send them there. + # - If they have a block on them, show them that. + # - If they were referred to the login, send them back there. + # - Otherwise, send them to the home page. 
+ if !user.terms_seen + redirect_to :controller => :users, :action => :terms, :referer => target + elsif user.blocked_on_view + redirect_to user.blocked_on_view, :referer => target + else + redirect_to target + end + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # process a failed login + def failed_login(message, username = nil) + flash[:error] = message + + redirect_to :action => "new", :referer => session[:referer], + :username => username, :remember_me => session[:remember_me] + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # + def unconfirmed_login(user) + session[:token] = user.tokens.create.token + + redirect_to :controller => "users", :action => "confirm", :display_name => user.display_name + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # + def disable_terms_redirect + # this is necessary otherwise going to the user terms page, when + # having not agreed already would cause an infinite redirect loop. + # it's .now so that this doesn't propagate to other pages. + flash.now[:skip_terms] = true + end +end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 000000000..130471670 --- /dev/null +++ b/app/controllers/sessions_controller.rb 
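Review bot: `successful_login` writes `session[:user]` and `session[:fingerprint]` into whatever session the browser already held, and nothing in the visible lines rotates it, so a session established before authentication carries over into the logged-in state. Every password and third-party login now funnels through this concern, which makes it the natural place to call `reset_session` first, after copying `session[:remember_me]` and `session[:referer]` into locals because the method still reads both. `SessionsController#destroy` in the next file has the mirror-image gap: it deletes `:user` and `:token` but leaves `:fingerprint` behind, where `reset_session` would clear everything. How much this matters depends on the session store and on any rotation done in filters outside this diff, so confirm before changing.

```ruby
  def successful_login(user, referer = nil)
    # copy what is still needed, then continue in a fresh session
    remember_me = session[:remember_me]
    stored_referer = session[:referer]
    reset_session

    session[:user] = user.id
    session[:fingerprint] = user.fingerprint
    session_expires_after 28.days if remember_me

    target = referer || stored_referer || url_for(:controller => :site, :action => :index)

    # … unchanged: terms / block / target redirect chain; the two trailing session.delete calls become no-ops …
  end
```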
@@ -0,0 +1,59 @@ +class SessionsController < ApplicationController + include SessionMethods + + layout "site" + + before_action :disable_terms_redirect, :only => [:destroy] + before_action :require_cookies, :only => [:new] + + authorize_resource :class => false + + def new + append_content_security_policy_directives( + :form_action => %w[*] + ) + + session[:referer] = safe_referer(params[:referer]) if params[:referer] + end + + def create + session[:remember_me] ||= params[:remember_me] + session[:referer] = safe_referer(params[:referer]) if params[:referer] + password_authentication(params[:username], params[:password]) + end + + def destroy + @title = t "sessions.destroy.title" + + if request.post? + if session[:token] + token = UserToken.find_by(:token => session[:token]) + token&.destroy + session.delete(:token) + end + session.delete(:user) + session_expires_automatically + if params[:referer] + redirect_to safe_referer(params[:referer]) + else + redirect_to :controller => "site", :action => "index" + end + end + end + + private + + ## + # handle password authentication + def password_authentication(username, password) + if (user = User.authenticate(:username => username, :password => password)) + successful_login(user) + elsif (user = User.authenticate(:username => username, :password => password, :pending => true)) + unconfirmed_login(user) + elsif User.authenticate(:username => username, :password => password, :suspended => true) + failed_login t("sessions.new.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username + else + failed_login t("sessions.new.auth failure"), username + end + end +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index e4dd1b2dc..ca3726210 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
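Review bot: In `password_authentication` the suspended-account branch calls `.html_safe` on the whole result of `t("sessions.new.account is suspended", ...)`, so any markup in a locale file for that key reaches the flash unescaped, along with the interpolated `mailto:` value. The commit silences the resulting `Rails/OutputSafety` offense by adding this file to `.rubocop_todo.yml` rather than removing the cause. Rails marks translation keys ending in `_html` as HTML-safe and escapes their interpolated values, so renaming the key (for example to `account_is_suspended_html`) would let the call become `failed_login t("sessions.new.account_is_suspended_html", :webmaster => "mailto:#{Settings.support_email}"), username` and the exclusion could be dropped. Check that the Rails version in use applies that convention to the controller-side `t` as well as to views.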
@@ -1,8 +1,10 @@ class UsersController < ApplicationController + include SessionMethods + layout "site" skip_before_action :verify_authenticity_token, :only => [:auth_success] - before_action :disable_terms_redirect, :only => [:terms, :save, :logout] + before_action :disable_terms_redirect, :only => [:terms, :save] before_action :authorize_web before_action :set_locale before_action :check_database_readable @@ -11,7 +13,7 @@ class UsersController < ApplicationController before_action :require_self, :only => [:account] before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public] - before_action :require_cookies, :only => [:new, :login, :confirm] + before_action :require_cookies, :only => [:new, :confirm] before_action :lookup_user_by_name, :only => [:set_status, :destroy] before_action :allow_thirdparty_images, :only => [:show, :account] @@ -269,38 +271,6 @@ class UsersController < ApplicationController end end - def login - append_content_security_policy_directives( - :form_action => %w[*] - ) - - session[:referer] = safe_referer(params[:referer]) if params[:referer] - - if request.post? - session[:remember_me] ||= params[:remember_me] - password_authentication(params[:username], params[:password]) - end - end - - def logout - @title = t "users.logout.title" - - if request.post? - if session[:token] - token = UserToken.find_by(:token => session[:token]) - token&.destroy - session.delete(:token) - end - session.delete(:user) - session_expires_automatically - if params[:referer] - redirect_to safe_referer(params[:referer]) - else - redirect_to :controller => "site", :action => "index" - end - end - end - def confirm if request.post? token = UserToken.find_by(:token => params[:confirm_string]) 
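Review bot: `include SessionMethods` brings in the concern's `unconfirmed_login`, yet the later hunk at `@@ -514,93 +484,6 @@` leaves `def unconfirmed_login(user)` in this controller as unchanged context, so the method now exists twice and the controller's copy shadows the concern's. The two can drift apart silently: the concern's version redirects with an explicit `:controller => "users"`, and the body of the retained copy lies outside the hunk so it cannot be compared here. Deleting the controller's copy, together with its empty `##` / `#` comment header, would leave a single definition for both login paths.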
@@ -514,93 +484,6 @@ class UsersController < ApplicationController private - ## - # handle password authentication - def password_authentication(username, password) - if user = User.authenticate(:username => username, :password => password) - successful_login(user) - elsif user = User.authenticate(:username => username, :password => password, :pending => true) - unconfirmed_login(user) - elsif User.authenticate(:username => username, :password => password, :suspended => true) - failed_login t("users.login.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username - else - failed_login t("users.login.auth failure"), username - end - end - - ## - # return the URL to use for authentication - def auth_url(provider, uid, referer = nil) - params = { :provider => provider } - - params[:openid_url] = openid_expand_url(uid) if provider == "openid" - - if referer.nil? - params[:origin] = request.path - else - params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}" - params[:referer] = referer - end - - auth_path(params) - end - - ## - # special case some common OpenID providers by applying heuristics to - # try and come up with the correct URL based on what the user entered - def openid_expand_url(openid_url) - if openid_url.nil? - nil - elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$}) - # Special case gmail.com as it is potentially a popular OpenID - # provider and, unlike yahoo.com, where it works automatically, Google - # have hidden their OpenID endpoint somewhere obscure this making it - # somewhat less user friendly. 
- "https://www.google.com/accounts/o8/id" - else - openid_url - end - end - - ## - # process a successful login - def successful_login(user, referer = nil) - session[:user] = user.id - session[:fingerprint] = user.fingerprint - session_expires_after 28.days if session[:remember_me] - - target = referer || session[:referer] || url_for(:controller => :site, :action => :index) - - # The user is logged in, so decide where to send them: - # - # - If they haven't seen the contributor terms, send them there. - # - If they have a block on them, show them that. - # - If they were referred to the login, send them back there. - # - Otherwise, send them to the home page. - if !user.terms_seen - redirect_to :action => :terms, :referer => target - elsif user.blocked_on_view - redirect_to user.blocked_on_view, :referer => target - else - redirect_to target - end - - session.delete(:remember_me) - session.delete(:referer) - end - - ## - # process a failed login - def failed_login(message, username = nil) - flash[:error] = message - - redirect_to :action => "login", :referer => session[:referer], - :username => username, :remember_me => session[:remember_me] - - session.delete(:remember_me) - session.delete(:referer) - end - ## # def unconfirmed_login(user) @@ -698,15 +581,6 @@ class UsersController < ApplicationController redirect_to :action => "view", :display_name => params[:display_name] unless @user end - ## - # - def disable_terms_redirect - # this is necessary otherwise going to the user terms page, when - # having not agreed already would cause an infinite redirect loop. - # it's .now so that this doesn't propagate to other pages. - flash.now[:skip_terms] = true - end - ## # return permitted user parameters def user_params diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb index 39532572e..e9e8f6bfb 100644 --- a/app/helpers/user_helper.rb +++ b/app/helpers/user_helper.rb 
@@ -53,16 +53,16 @@ module UserHelper # External authentication support def openid_logo - image_tag "openid_small.png", :alt => t("users.login.openid_logo_alt"), :class => "openid_logo" + image_tag "openid_small.png", :alt => t("sessions.new.openid_logo_alt"), :class => "openid_logo" end def auth_button(name, provider, options = {}) link_to( - image_tag("#{name}.svg", :alt => t("users.login.auth_providers.#{name}.alt"), :class => "rounded-lg"), + image_tag("#{name}.svg", :alt => t("sessions.new.auth_providers.#{name}.alt"), :class => "rounded-lg"), auth_path(options.merge(:provider => provider)), :method => :post, :class => "auth_button", - :title => t("users.login.auth_providers.#{name}.title") + :title => t("sessions.new.auth_providers.#{name}.title") ) end diff --git a/app/views/users/logout.html.erb b/app/views/sessions/destroy.html.erb similarity index 100% rename from app/views/users/logout.html.erb rename to app/views/sessions/destroy.html.erb diff --git a/app/views/users/login.html.erb b/app/views/sessions/new.html.erb similarity index 100% rename from app/views/users/login.html.erb rename to app/views/sessions/new.html.erb diff --git a/config/locales/en.yml b/config/locales/en.yml index 62fc7bc6a..e1907b936 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -1586,6 +1586,59 @@ en: as_unread: "Message marked as unread" destroy: destroyed: "Message deleted" + sessions: + new: + title: "Login" + heading: "Login" + email or username: "Email Address or Username:" + password: "Password:" + openid_html: "%{logo} OpenID:" + remember: "Remember me" + lost password link: "Lost your password?" + login_button: "Login" + register now: Register now + with username: "Already have an OpenStreetMap account? Please login with your username and password:" + with external: "Alternatively, use a third party to login:" + new to osm: New to OpenStreetMap? + to make changes: To make changes to the OpenStreetMap data, you must have an account. + create account minute: Create an account. It only takes a minute. + no account: Don't have an account? + account not active: "Sorry, your account is not active yet.
Please use the link in the account confirmation email to activate your account, or request a new confirmation email." + account is suspended: Sorry, your account has been suspended due to suspicious activity.
Please contact the webmaster if you wish to discuss this. + auth failure: "Sorry, could not log in with those details." + openid_logo_alt: "Log in with an OpenID" + auth_providers: + openid: + title: Login with OpenID + alt: Login with an OpenID URL + google: + title: Login with Google + alt: Login with a Google OpenID + facebook: + title: Login with Facebook + alt: Login with a Facebook Account + windowslive: + title: Login with Windows Live + alt: Login with a Windows Live Account + github: + title: Login with GitHub + alt: Login with a GitHub Account + wikipedia: + title: Login with Wikipedia + alt: Login with a Wikipedia Account + yahoo: + title: Login with Yahoo + alt: Login with a Yahoo OpenID + wordpress: + title: Login with Wordpress + alt: Login with a Wordpress OpenID + aol: + title: Login with AOL + alt: Login with an AOL OpenID + destroy: + title: "Logout" + heading: "Logout from OpenStreetMap" + logout_button: "Logout" shared: markdown_help: title_html: Parsed with kramdown @@ -2221,58 +2274,6 @@ en: destroy: flash: "Destroyed the client application registration" users: - login: - title: "Login" - heading: "Login" - email or username: "Email Address or Username:" - password: "Password:" - openid_html: "%{logo} OpenID:" - remember: "Remember me" - lost password link: "Lost your password?" - login_button: "Login" - register now: Register now - with username: "Already have an OpenStreetMap account? Please login with your username and password:" - with external: "Alternatively, use a third party to login:" - new to osm: New to OpenStreetMap? - to make changes: To make changes to the OpenStreetMap data, you must have an account. - create account minute: Create an account. It only takes a minute. - no account: Don't have an account? - account not active: "Sorry, your account is not active yet.
Please use the link in the account confirmation email to activate your account, or request a new confirmation email." - account is suspended: Sorry, your account has been suspended due to suspicious activity.
Please contact the webmaster if you wish to discuss this. - auth failure: "Sorry, could not log in with those details." - openid_logo_alt: "Log in with an OpenID" - auth_providers: - openid: - title: Login with OpenID - alt: Login with an OpenID URL - google: - title: Login with Google - alt: Login with a Google OpenID - facebook: - title: Login with Facebook - alt: Login with a Facebook Account - windowslive: - title: Login with Windows Live - alt: Login with a Windows Live Account - github: - title: Login with GitHub - alt: Login with a GitHub Account - wikipedia: - title: Login with Wikipedia - alt: Login with a Wikipedia Account - yahoo: - title: Login with Yahoo - alt: Login with a Yahoo OpenID - wordpress: - title: Login with Wordpress - alt: Login with a Wordpress OpenID - aol: - title: Login with AOL - alt: Login with an AOL OpenID - logout: - title: "Logout" - heading: "Logout from OpenStreetMap" - logout_button: "Logout" lost_password: title: "Lost password" heading: "Forgotten Password?" diff --git a/config/routes.rb b/config/routes.rb index 97cedd965..1ba4eaa24 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -145,8 +145,9 @@ OpenStreetMap::Application.routes.draw do get "/history/feed" => "changesets#feed", :defaults => { :format => :atom } get "/history/comments/feed" => "changeset_comments#index", :as => :changesets_comments_feed, :defaults => { :format => "rss" } get "/export" => "site#export" - match "/login" => "users#login", :via => [:get, :post] - match "/logout" => "users#logout", :via => [:get, :post] + get "/login" => "sessions#new" + post "/login" => "sessions#create" + match "/logout" => "sessions#destroy", :via => [:get, :post] get "/offline" => "site#offline" get "/key" => "site#key" get "/id" => "site#id" diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb index ff87c9466..7d8f569f0 100644 --- a/test/controllers/users_controller_test.rb +++ b/test/controllers/users_controller_test.rb 
@@ -6,27 +6,27 @@ class UsersControllerTest < ActionDispatch::IntegrationTest def test_routes assert_routing( { :path => "/login", :method => :get }, - { :controller => "users", :action => "login" } + { :controller => "sessions", :action => "new" } ) assert_routing( { :path => "/login", :method => :post }, - { :controller => "users", :action => "login" } + { :controller => "sessions", :action => "create" } ) assert_recognizes( - { :controller => "users", :action => "login", :format => "html" }, + { :controller => "sessions", :action => "new", :format => "html" }, { :path => "/login.html", :method => :get } ) assert_routing( { :path => "/logout", :method => :get }, - { :controller => "users", :action => "logout" } + { :controller => "sessions", :action => "destroy" } ) assert_routing( { :path => "/logout", :method => :post }, - { :controller => "users", :action => "logout" } + { :controller => "sessions", :action => "destroy" } ) assert_recognizes( - { :controller => "users", :action => "logout", :format => "html" }, + { :controller => "sessions", :action => "destroy", :format => "html" }, { :path => "/logout.html", :method => :get } ) @@ -414,11 +414,11 @@ class UsersControllerTest < ActionDispatch::IntegrationTest assert_redirected_to login_path(:cookie_test => true) follow_redirect! assert_response :success - assert_template "login" + assert_template "sessions/new" get login_path, :params => { :username => user.display_name, :password => "test" } assert_response :success - assert_template "login" + assert_template "sessions/new" post login_path, :params => { :username => user.display_name, :password => "test" } assert_response :redirect 
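Review bot: The `/login` and `/logout` routing assertions in `test_routes` now expect `sessions#new`, `sessions#create` and `sessions#destroy`, but they still live in `UsersControllerTest`, and the diffstat lists no test file created for the new controller. Moving them, together with the login and logout fallback tests in the following hunks, into a test class for `SessionsController` would keep coverage of the authentication entry points next to the controller that now owns them. `test_routes` continues past the end of this hunk.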
@@ -440,14 +440,14 @@ class UsersControllerTest < ActionDispatch::IntegrationTest def test_logout_fallback_without_referer get logout_path assert_response :success - assert_template :logout + assert_template "sessions/destroy" assert_select "input[name=referer]:not([value])" end def test_logout_fallback_with_referer get logout_path, :params => { :referer => "/test" } assert_response :success - assert_template :logout + assert_template "sessions/destroy" assert_select "input[name=referer][value=?]", "/test" end diff --git a/test/integration/user_changeset_comments_test.rb b/test/integration/user_changeset_comments_test.rb index 2953f5fe2..2483f1543 100644 --- a/test/integration/user_changeset_comments_test.rb +++ b/test/integration/user_changeset_comments_test.rb @@ -30,7 +30,7 @@ class UserChangesetCommentsTest < ActionDispatch::IntegrationTest follow_redirect! # We should now be at the login page assert_response :success - assert_template "users/login" + assert_template "sessions/new" # We can now login post "/login", :params => { "username" => user.email, "password" => "test" } assert_response :redirect diff --git a/test/integration/user_diaries_test.rb b/test/integration/user_diaries_test.rb index e090342c1..0b3ee930d 100644 --- a/test/integration/user_diaries_test.rb +++ b/test/integration/user_diaries_test.rb @@ -11,7 +11,7 @@ class UserDiariesTest < ActionDispatch::IntegrationTest follow_redirect! # We should now be at the login page assert_response :success - assert_template "users/login" + assert_template "sessions/new" # We can now login post "/login", :params => { "username" => user.email, "password" => "test", :referer => "/diary/new" } assert_response :redirect diff --git a/test/integration/user_login_test.rb b/test/integration/user_login_test.rb index 509d2525c..589f19a23 100644 --- a/test/integration/user_login_test.rb +++ b/test/integration/user_login_test.rb 
@@ -47,7 +47,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.email.titlecase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false end @@ -111,7 +111,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.email, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" @@ -123,7 +123,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.email.upcase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" @@ -135,7 +135,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.email.titlecase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" @@ -204,7 +204,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.display_name.downcase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false end @@ -268,7 +268,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.display_name, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" 
@@ -280,7 +280,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.display_name.upcase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" @@ -292,7 +292,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest try_password_login user.display_name.downcase, "test" - assert_template "login" + assert_template "sessions/new" assert_select "span.username", false assert_select "div.flash.error", /your account has been suspended/ do assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" @@ -358,7 +358,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path(:cookie_test => true, :referer => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history") @@ -379,7 +379,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path(:cookie_test => true, :referer => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history") 
@@ -390,7 +390,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_response :redirect follow_redirect! assert_response :success - assert_template "login" + assert_template "sessions/new" assert_select "div.flash.error", "Connection to authentication provider failed" assert_select "span.username", false end @@ -404,7 +404,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path(:cookie_test => true, :referer => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history") @@ -415,7 +415,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_response :redirect follow_redirect! assert_response :success - assert_template "login" + assert_template "sessions/new" assert_select "div.flash.error", "Invalid authentication credentials" assert_select "span.username", false end @@ -428,7 +428,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path(:cookie_test => true, :referer => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history") 
@@ -451,7 +451,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "google") @@ -471,7 +471,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "google") @@ -482,7 +482,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_response :redirect follow_redirect! assert_response :success - assert_template "login" + assert_template "sessions/new" assert_select "div.flash.error", "Connection to authentication provider failed" assert_select "span.username", false end @@ -495,7 +495,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "google") @@ -506,7 +506,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_response :redirect follow_redirect! assert_response :success - assert_template "login" + assert_template "sessions/new" assert_select "div.flash.error", "Invalid authentication credentials" assert_select "span.username", false end 
@@ -521,7 +521,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "google") @@ -544,7 +544,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "google") @@ -569,7 +569,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "facebook") @@ -589,7 +589,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history") follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history") assert_response :redirect assert_redirected_to auth_success_path(:provider => "facebook") 
@@ -600,7 +600,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Connection to authentication provider failed"
 assert_select "span.username", false
 end
@@ -613,7 +613,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "facebook")
@@ -624,7 +624,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Invalid authentication credentials"
 assert_select "span.username", false
 end
@@ -637,7 +637,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "facebook")
@@ -658,7 +658,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "windowslive")
@@ -678,7 +678,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "windowslive")
@@ -689,7 +689,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Connection to authentication provider failed"
 assert_select "span.username", false
 end
@@ -702,7 +702,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "windowslive")
@@ -713,7 +713,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Invalid authentication credentials"
 assert_select "span.username", false
 end
@@ -726,7 +726,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "windowslive")
@@ -747,7 +747,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "github")
@@ -767,7 +767,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "github")
@@ -778,7 +778,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Connection to authentication provider failed"
 assert_select "span.username", false
 end
@@ -791,7 +791,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "github")
@@ -802,7 +802,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Invalid authentication credentials"
 assert_select "span.username", false
 end
@@ -815,7 +815,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "github")
@@ -836,7 +836,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@@ -856,7 +856,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@@ -867,7 +867,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Connection to authentication provider failed"
 assert_select "span.username", false
 end
@@ -880,7 +880,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@@ -891,7 +891,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "div.flash.error", "Invalid authentication credentials"
 assert_select "span.username", false
 end
@@ -904,7 +904,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
 follow_redirect!
 assert_response :success
- assert_template "users/login"
+ assert_template "sessions/new"
 post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
 assert_response :redirect
 assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@@ -924,7 +924,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_redirected_to login_path(:cookie_test => true)
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "input#username", 1 do
 assert_select "[value]", false
 end
@@ -939,7 +939,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
 assert_response :redirect
 follow_redirect!
 assert_response :success
- assert_template "login"
+ assert_template "sessions/new"
 assert_select "input#username", 1 do
 assert_select "[value=?]", username
 end
diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb
index 4bffd99de..f7d3f2e54 100644
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@@ -22,7 +22,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest get "/login" follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } assert_response :redirect # but now we need to look at the terms @@ -47,7 +47,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest get "/login" follow_redirect! assert_response :success - assert_template "users/login" + assert_template "sessions/new" post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } assert_response :redirect # but now we need to look at the terms diff --git a/test/system/issues_test.rb b/test/system/issues_test.rb index 1fdbe1373..4c84d44fc 100644 --- a/test/system/issues_test.rb +++ b/test/system/issues_test.rb @@ -5,7 +5,7 @@ class IssuesTest < ApplicationSystemTestCase def test_view_issues_not_logged_in visit issues_path - assert page.has_content?(I18n.t("users.login.title")) + assert page.has_content?(I18n.t("sessions.new.title")) end def test_view_issues_normal_user -- 2.39.5