songtianlun
2b03661431
- Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place.
require "test_helper"
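# Integration tests for the users controller: the signup page, and the
# per-user authorization check that guards the edit and update actions.
#
# NOTE(review): nothing in this file exercises edit/update for a visitor who
# is not logged in at all; confirm that case is covered elsewhere, since the
# ownership check is only meaningful once authentication is also enforced.
class UsersControllerTest < ActionDispatch::IntegrationTest
  # Loads two distinct fixture users so the tests can act as one account
  # (@other_user) against a resource that belongs to another (@user).
  def setup
    @user = users(:michael)
    @other_user = users(:archer)
  end

  # The signup page is reachable without a session.
  test "should get new" do
    get signup_path
    assert_response :success
  end

  # The signup page renders the title produced by the full_title helper.
  test "Should get sign up title" do
    get signup_path
    assert_response :success
    assert_select "title", full_title("Sign up")
  end

  # A logged-in user requesting another user's edit form is expected to be
  # redirected to the root URL with no flash message set.
  # log_in_as is not defined in this file (presumably in test_helper).
  test "should redirect edit when logged in as wrong user" do
    log_in_as(@other_user)
    get edit_user_path(@user)
    assert flash.empty?
    assert_redirected_to root_url
  end

  # A logged-in user submitting an update for another user's record is
  # expected to be redirected to the root URL with no flash message set,
  # and the target record must be left untouched.
  test "should redirect update when logged in as wrong user" do
    log_in_as(@other_user)
    original_name = @user.name
    original_email = @user.email
    # Constructed sample values that differ from the fixture: re-submitting
    # the record's current attributes could not reveal a write that slipped
    # past the authorization check.
    patch user_path(@user), params: { user: { name: "Tampered Name",
                                              email: "tampered@example.com" } }
    assert flash.empty?
    assert_redirected_to root_url
    # A redirect alone does not prove the update was skipped, so re-read the
    # row and compare it with the values captured before the request.
    @user.reload
    assert_equal original_name, @user.name
    assert_equal original_email, @user.email
  end
end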