sample_rails_tailwind/test/integration/users_edit_test.rb
songtianlun 2b03661431 feat: add user authentication and authorization
- Implement friendly forwarding for user login
- Add correct_user method to ensure users can only edit their own profiles
- Update sessions_controller to handle forwarding URL
- Enhance user controller tests to verify redirection for unauthorized access

These changes improve user experience by allowing users to be redirected
back to their intended page after logging in. Additionally, the new
correct_user method enhances security by preventing users from editing
other users' profiles, ensuring proper authorization checks are in place.
2025-01-03 13:48:59 +08:00


require "test_helper"
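# Integration tests for the profile edit/update flow: friendly forwarding
# after login, accepted and rejected updates, and the redirect to the login
# page for requests made without a session.
#
# NOTE(review): only the "not logged in" case is exercised here. The check
# that a logged-in user cannot edit or update a *different* user's profile is
# not covered in this file; confirm it is tested elsewhere in the suite.
class UsersEditTest < ActionDispatch::IntegrationTest
  def setup
    # Fixture account used as the user under test.
    @user = users(:michael)
  end

  # The stored forwarding target must be consumed by the first login. If it
  # stayed in the session, every later login would be sent to the stale URL
  # instead of the default profile page.
  test "friendly forwarding just in first login" do
    get edit_user_path(@user)
    # log_in_as is defined outside this file (presumably in test_helper).
    log_in_as(@user)
    assert_redirected_to edit_user_url(@user)
    delete logout_path
    assert_redirected_to root_url
    log_in_as(@user)
    assert_redirected_to user_url(@user)
  end

  test "successful edit with friendly forwarding" do
    get edit_user_path(@user)
    log_in_as(@user)
    assert_redirected_to edit_user_url(@user)
    # The login response is only a redirect, so no template has been rendered
    # yet. Follow it before asserting on the edit template.
    follow_redirect!
    assert_template 'users/edit'
    name = "Foo Bae"
    email = "foo@bar.com"
    # Blank password fields are submitted on purpose: the update is expected
    # to succeed without changing the password (assumes the model permits a
    # blank password on update; verify against the User model).
    patch user_path(@user), params: { user: { name: name,
                                              email: email,
                                              password: "",
                                              password_confirmation: "" } }
    assert_not flash.empty?
    assert_redirected_to @user
    @user.reload
    assert_equal name, @user.name
    assert_equal email, @user.email
  end

  test "unsuccessful edit" do
    log_in_as(@user)
    get edit_user_path(@user)
    assert_template 'users/edit'
    original_name = @user.name
    original_email = @user.email
    patch user_path(@user), params: { user: { name: "",
                                              email: "foo@invalid",
                                              password: "foo",
                                              password_confirmation: "bar" } }
    assert_template 'users/edit'
    # A rejected submission must leave the stored record untouched.
    @user.reload
    assert_equal original_name, @user.name
    assert_equal original_email, @user.email
  end

  test "should redirect edit when not logged in" do
    get edit_user_path(@user)
    assert_not flash.empty?
    assert_redirected_to login_url
  end

  test "should redirect update when not logged in" do
    original_name = @user.name
    # Submit a value that differs from the stored one. Re-sending the current
    # name could not distinguish "update blocked" from "update applied".
    patch user_path(@user), params: { user: { name: "Changed Name",
                                              email: @user.email } }
    assert_not flash.empty?
    assert_redirected_to login_url
    # The redirect alone does not prove the write was skipped; check the record.
    assert_equal original_name, @user.reload.name
  end
end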