public/once-campfire
1
0
Fork 0
mirror of https://github.com/basecamp/once-campfire.git synced 2026-02-21 12:10:34 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
dde94b06ed656485baff58896e36863f329f2004
once-campfire/test/controllers/sessions_controller_test.rb
Rosa Gutierrez dde94b06ed Delete server-side session on logout 
When it's set. Also, store it in current attributes for convenience.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 09:31:22 +01:00

70 lines
2.1 KiB
Ruby
Raw Blame History

require "test_helper"
class SessionsControllerTest < ActionDispatch::IntegrationTest
ALLOWED_BROWSER = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
DISALLOWED_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0"
test "new" do
get new_session_url
assert_response :success
end
test "new redirects to first run when no users exist" do
User.destroy_all
get new_session_url
assert_redirected_to first_run_url
end
test "new denied with incompatible browser" do
get new_session_url, env: { "HTTP_USER_AGENT" => DISALLOWED_BROWSER }
assert_select "h1", /Upgrade to a supported web browser/
end
test "new allowed with compatible browser" do
get new_session_url, env: { "HTTP_USER_AGENT" => ALLOWED_BROWSER }
assert_select "h1", text: /Upgrade to a supported web browser/, count: 0
end
test "create with valid credentials" do
assert_difference -> { Session.count }, +1 do
post session_url, params: { email_address: "david@37signals.com", password: "secret123456" }
end
assert_redirected_to root_url
assert parsed_cookies.signed[:session_token]
end
test "create with invalid credentials" do
post session_url, params: { email_address: "david@37signals.com", password: "wrong" }
assert_response :unauthorized
assert_nil parsed_cookies.signed[:session_token]
end
test "destroy" do
sign_in :david
session = users(:david).sessions.last
assert_difference -> { Session.count }, -1 do
delete session_url
end
assert_redirected_to root_url
assert_not cookies[:session_token].present?
assert_nil Session.find_by(id: session.id)
end
test "destroy removes the push subscription for the device" do
sign_in :david
assert_difference -> { users(:david).push_subscriptions.count }, -1 do
delete session_url, params: { push_subscription_endpoint: push_subscriptions(:david_chrome).endpoint }
end
assert_redirected_to root_url
assert_not cookies[:session_token].present?
end
end
Reference in New Issue View Git Blame Copy Permalink