| author | mo khan <mo@mokhan.ca> | 2014-11-15 09:37:39 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2014-11-15 09:37:39 -0700 |
| commit | f5820558d13d62bcf8af6b2dc3959e6ca3b7dad0 (patch) | |
| tree | 7bc6b12c08e985ead4cc1502958af50a221dbc0a | |
| parent | 37c8e45873e94fc40fe2085dbd7258e4304297d8 (diff) | |
update authentication to use session cookie.
| -rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
| -rw-r--r-- | spec/controllers/application_controller_spec.rb | 12 |
2 files changed, 9 insertions, 8 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 12c5d2b..70124fb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,9 +14,8 @@ class ApplicationController < ActionController::Base
 private
- def ensure_valid_session
- #::TODO look up session by unique session key not id.
- unless session[:user_session_id] && @current_session = Session.find(session[:user_session_id])
+ def ensure_valid_session(user_session_id = cookies.signed[:raphael])
+ unless @current_session = Session.find(user_session_id)
 redirect_to new_session_path
 end
 rescue ActiveRecord::RecordNotFound
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 72ecea1..6c4756a 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -12,7 +12,8 @@ describe ApplicationController do
 let(:user) { create(:user, password: 'password', password_confirmation: 'password') }
 let(:user_session) { create(:session, user: user) }
- before { get :index, {}, user_session_id: user_session.id }
+ before { cookies.signed[:raphael] = user_session.id }
+ before { get :index }
 it "lets you continue to do whatever the heck you were trying to do" do
 expect(response.status).to eql(200)
@@ -24,15 +25,16 @@ describe ApplicationController do
 end
 context "when not signed in" do
- it "boots you out when their is no session_id" do
+ before :each do
+ cookies.signed[:raphael] = rand(100)
 get :index
+ end
+
+ it "boots you out when their is no session_id" do
 expect(response).to redirect_to(new_session_path)
 end
 it "boots you out when the session id is not known" do
- allow(Session).to receive(:find).with(100).and_raise(ActiveRecord::RecordNotFound)
-
- get :index, {}, user_session_id: 100
 expect(response).to redirect_to(new_session_path)
 end
 end
|
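Review bot: In app/controllers/application_controller.rb, `ensure_valid_session` still resolves the session by primary key with `Session.find(user_session_id)`, so the TODO this hunk deletes ("look up session by unique session key not id") is dropped rather than done. The signature on `cookies.signed[:raphael]` prevents tampering but does not hide the value, so the cookie carries a readable row id and the signing secret is the only thing standing between a client and any other session. Looking the session up by a random per-session token, e.g. `Session.find_by(<token column>: cookies.signed[:raphael])` (column name is a placeholder), would address the TODO and also make the `unless` branch reachable, since `find` raises rather than returning nil. Nothing visible here checks that the session is unexpired or unrevoked, and the cookie's `httponly`/`secure` flags are set wherever it is written, which is outside this diff. The method's rescue body continues outside the hunk.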
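Review bot: In spec/controllers/application_controller_spec.rb (hunk at -24,15), both "when not signed in" examples now share one `before` that sets `cookies.signed[:raphael] = rand(100)`, so the "no session_id" example no longer exercises a request without the cookie and the two examples assert the same thing. `rand(100)` also makes the run non-deterministic and could match a real Session id if any rows exist in the test database. I would split the setup into one example that issues `get :index` with no cookie, one with a fixed unknown id, and one with an unsigned value such as `cookies[:raphael] = user_session.id` (if `user_session` is in scope in that context), each expecting the redirect, so that the signature check itself is covered.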
