From 23992ec4b2c2efbf8489e3ce4111c1f20032b027 Mon Sep 17 00:00:00 2001
From: songtianlun
Date: Fri, 3 Jan 2025 11:12:51 +0800
Subject: [PATCH] feat: add user authentication checks
- Implement before_action to ensure users are logged in
- Add logged_in_user method to handle redirection
- Update user fixture to include new user
- Enhance integration tests to check for login requirement
This commit introduces user authentication checks for the edit and update actions in the UsersController. It ensures that only logged-in users can access these actions, improving the security of the application. Additionally, integration tests have been updated to verify that users are redirected to the login page if they attempt to edit or update their information without being logged in.
---
 app/controllers/users_controller.rb | 8 ++++++++
 test/fixtures/users.yml | 5 +++++
 test/integration/users_edit_test.rb | 15 +++++++++++++++
 3 files changed, 28 insertions(+)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 87bf36a..b095df5 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,6 @@
 class UsersController < ApplicationController
 include SessionsHelper
+ before_action :logged_in_user, only: [:edit, :update]
 def show
 @user = User.find(params[:id]) # debugger
@@ -43,4 +44,11 @@ class UsersController < ApplicationController
 params.require(:user).permit(:name, :email, :password, :password_confirmation)
 end
+
+ def logged_in_user
+ unless logged_in?
+ flash[:danger] = "Please log in."
+ redirect_to login_url
+ end
+ end
 end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index ff617e0..bfcca93 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
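Review bot: The new `before_action :logged_in_user, only: [:edit, :update]` authenticates but does not authorize: once any account is logged in, `edit` and `update` still look up the record by whatever id is in the URL (the visible `show` does `@user = User.find(params[:id])`; the `edit`/`update` bodies are outside this hunk, so the same pattern there is inferred), so nothing in this filter stops one user from editing another user's record. A second filter that compares the session's user with the requested one is needed before the commit message's "only logged-in users can access these actions" is the whole story, and the fixture hunk in this commit already adds a second user (`archer`) that a test for this case would need. The sketch below assumes `SessionsHelper` exposes the signed-in user as `current_user` and that a root route exists; neither appears in this diff, so substitute the project's real helper and target.
```ruby
  before_action :logged_in_user, only: [:edit, :update]
  before_action :correct_user,   only: [:edit, :update]

  # … unchanged: show/new/create/edit/update/user_params …

  # Before-filter: redirects unless the logged-in user is the one named in params[:id].
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_url) unless current_user == @user # current_user / root_url: confirm against SessionsHelper and routes
  end
```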
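Review bot: `logged_in_user` is appended after `user_params` with no visibility keyword inside the hunk; if a `private` marker sits above both (the start of that section is outside this hunk) the method is private as intended, otherwise it joins the controller's public action set and is reachable by any route that happens to name it, so please confirm its placement. A one-line comment would also help, since the name reads like a query that returns a user rather than a filter that redirects: `# Before-filter: redirects to the login page (with a flash) when no user is logged in.`. The `flash[:danger]` plus `redirect_to login_url` pair halts the filter chain on its own, so no explicit `return` is needed here.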
@@ -7,4 +7,9 @@ one:
 michael:
 name: Michael Example
 email: michael@example.com
+ password_digest: <%= User.digest('password') %>
+
+archer:
+ name: Sterling Archer
+ email: suchess@example.gov
 password_digest: <%= User.digest('password') %>
\ No newline at end of file
diff --git a/test/integration/users_edit_test.rb b/test/integration/users_edit_test.rb
index 80cd533..6d0e549 100644
--- a/test/integration/users_edit_test.rb
+++ b/test/integration/users_edit_test.rb
@@ -6,6 +6,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
 end
 test "successful edit" do
+ log_in_as(@user)
 get edit_user_path(@user)
 assert_template 'users/edit'
 name = "Foo Bae"
@@ -22,6 +23,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
 end
 test "unsuccessful edit" do
+ log_in_as(@user)
 get edit_user_path(@user)
 assert_template 'users/edit'
 patch user_path(@user), params: { user: { name: "",
@@ -31,4 +33,17 @@ class UsersEditTest < ActionDispatch::IntegrationTest
 } }
 assert_template 'users/edit'
 end
+
+ test "should redirect edit when not logged in" do
+ get edit_user_path(@user)
+ assert_not flash.empty?
+ assert_redirected_to login_url
+ end
+
+ test "should redirect update when not logged in" do
+ patch user_path(@user), params: { user: { name: @user.name,
+ email: @user.email } }
+ assert_not flash.empty?
+ assert_redirected_to login_url
+ end
 end
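Review bot: The two new tests in the last hunk cover only the unauthenticated path; nothing exercises a logged-in user requesting another user's `edit`/`update`, even though the fixture hunk in this commit adds a second user (`archer`) that no visible test references. A wrong-user test is what would catch the missing authorization check in `UsersController`, and it should fail against the controller as committed, which is the point. The `setup` block that assigns `@user` is outside these hunks, so the fixture name below is assumed; `log_in_as` is used by the existing tests but defined elsewhere.
```ruby
  test "should redirect edit when logged in as wrong user" do
    log_in_as(users(:archer)) # fixture added in this commit; @user is assumed to be a different fixture
    get edit_user_path(@user)
    assert_redirected_to root_url # replace with wherever the controller is meant to send a wrong user
  end
```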