songtianlun/sample_rails_tailwind
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add user authentication checks

Browse Source 
- Implement before_action to ensure users are logged in
- Add logged_in_user method to handle redirection
- Update user fixture to include new user
- Enhance integration tests to check for login requirement

This commit introduces user authentication checks for the edit and
update actions in the UsersController. It ensures that only logged-in
users can access these actions, improving the security of the
application. Additionally, integration tests have been updated to
verify that users are redirected to the login page if they attempt
to edit or update their information without being logged in.
This commit is contained in:
songtianlun 2025-01-03 11:12:51 +08:00
parent 978c44b682
commit 23992ec4b2
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/users_controller.rb
View File

@ -1,5 +1,6 @@
class UsersController < ApplicationController class UsersController < ApplicationController
include SessionsHelper include SessionsHelper
before_action :logged_in_user, only: [:edit, :update]
def show def show
@user = User.find(params[:id]) @user = User.find(params[:id])
# debugger # debugger
@ -43,4 +44,11 @@ class UsersController < ApplicationController
params.require(:user).permit(:name, :email, :password, params.require(:user).permit(:name, :email, :password,
:password_confirmation) :password_confirmation)
end end
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to login_url
end
end
end end

5
test/fixtures/users.yml vendored
View File

@ -8,3 +8,8 @@ michael:
name: Michael Example name: Michael Example
email: michael@example.com email: michael@example.com
password_digest: <%= User.digest('password') %> password_digest: <%= User.digest('password') %>
archer:
name: Sterling Archer
email: suchess@example.gov
password_digest: <%= User.digest('password') %>

15
test/integration/users_edit_test.rb
View File

@ -6,6 +6,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
end end
test "successful edit" do test "successful edit" do
log_in_as(@user)
get edit_user_path(@user) get edit_user_path(@user)
assert_template 'users/edit' assert_template 'users/edit'
name = "Foo Bae" name = "Foo Bae"
@ -22,6 +23,7 @@ class UsersEditTest < ActionDispatch::IntegrationTest
end end
test "unsuccessful edit" do test "unsuccessful edit" do
log_in_as(@user)
get edit_user_path(@user) get edit_user_path(@user)
assert_template 'users/edit' assert_template 'users/edit'
patch user_path(@user), params: { user: { name: "", patch user_path(@user), params: { user: { name: "",
@ -31,4 +33,17 @@ class UsersEditTest < ActionDispatch::IntegrationTest
} } } }
assert_template 'users/edit' assert_template 'users/edit'
end end
test "should redirect edit when not logged in" do
get edit_user_path(@user)
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect update when not logged in" do
patch user_path(@user), params: { user: { name: @user.name,
email: @user.email } }
assert_not flash.empty?
assert_redirected_to login_url
end
end end