summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/controllers/sessions_controller.rb11
-rw-r--r--spec/controllers/sessions_controller_spec.rb12
2 files changed, 20 insertions, 3 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d16e5389..b4f64644 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,9 +4,14 @@ class SessionsController < ApplicationController
end
def create
- user_session = Session.login(session_params[:username], session_params[:password])
- cookies.signed[:cookie_monster] = user_session.id
- render nothing: true
+ @session = Session.login(session_params[:username], session_params[:password])
+ if @session
+ cookies.signed[:cookie_monster] = @session.id
+ render nothing: true
+ else
+ flash[:error] = "invalid credentials"
+ render :new
+ end
end
private
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 226dc27c..eaaaf3fe 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -23,5 +23,17 @@ describe SessionsController do
expect(cookies.signed[:cookie_monster]).to eql(user_session.id)
end
end
+
+ context "when the username is not known" do
+ before :each do
+ Session.stub(:login).and_return(nil)
+ end
+
+ it "returns an error" do
+ post :create, session: { username: 'x', password: 'y' }
+ expect(response).to render_template(:new)
+ expect(flash[:error]).to_not be_empty
+ end
+ end
end
end
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 12:16:22 +0000