songtianlun
23992ec4b2
- Implement before_action to ensure users are logged in - Add logged_in_user method to handle redirection - Update user fixture to include new user - Enhance integration tests to check for login requirement This commit introduces user authentication checks for the edit and update actions in the UsersController. It ensures that only logged-in users can access these actions, improving the security of the application. Additionally, integration tests have been updated to verify that users are redirected to the login page if they attempt to edit or update their information without being logged in.
50 lines
1.6 KiB
Ruby
50 lines
1.6 KiB
Ruby
require "test_helper"
|
|
|
|
class UsersEditTest < ActionDispatch::IntegrationTest
|
|
def setup
|
|
@user = users(:michael)
|
|
end
|
|
|
|
test "successful edit" do
|
|
log_in_as(@user)
|
|
get edit_user_path(@user)
|
|
assert_template 'users/edit'
|
|
name = "Foo Bae"
|
|
email = "foo@bar.com"
|
|
patch user_path(@user), params: { user: { name: name,
|
|
email: email,
|
|
password: "",
|
|
password_confirmation: "" } }
|
|
assert_not flash.empty?
|
|
assert_redirected_to @user
|
|
@user.reload
|
|
assert_equal name, @user.name
|
|
assert_equal email, @user.email
|
|
end
|
|
|
|
test "unsuccessful edit" do
|
|
log_in_as(@user)
|
|
get edit_user_path(@user)
|
|
assert_template 'users/edit'
|
|
patch user_path(@user), params: { user: { name: "",
|
|
email: "foo@invalid",
|
|
password: "foo",
|
|
password_confirmation: "bar"
|
|
} }
|
|
assert_template 'users/edit'
|
|
end
|
|
|
|
test "should redirect edit when not logged in" do
|
|
get edit_user_path(@user)
|
|
assert_not flash.empty?
|
|
assert_redirected_to login_url
|
|
end
|
|
|
|
test "should redirect update when not logged in" do
|
|
patch user_path(@user), params: { user: { name: @user.name,
|
|
email: @user.email } }
|
|
assert_not flash.empty?
|
|
assert_redirected_to login_url
|
|
end
|
|
end
|