From 8205a00372c72015817d243b180399108ac8b7d5 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Sat, 15 Nov 2014 09:13:30 -0700
Subject: return nil if the credentials are incorrect.

---
 app/controllers/sessions_controller.rb       | 5 ++---
 app/models/services/login_command.rb         | 4 ++--
 app/models/user.rb                           | 6 +-----
 spec/controllers/sessions_controller_spec.rb | 21 +++------------------
 spec/models/services/login_command_spec.rb   | 20 +++++++++++++++++++-
 5 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index a6e9a12..0864113 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -11,9 +11,8 @@ class SessionsController < ApplicationController
   end
 
   def create
-    if @session = @login_command.run(self)
-      session[:user_session_id] = @session.id
-      cookies.signed[:raphael] = @session.access(request)
+    if user_session = @login_command.run(self)
+      cookies.signed[:raphael] = user_session
       redirect_to root_path(anchor: '')
     else
       flash[:error] = I18n.translate(:invalid_credentials)
diff --git a/app/models/services/login_command.rb b/app/models/services/login_command.rb
index 9bc9762..1e22820 100644
--- a/app/models/services/login_command.rb
+++ b/app/models/services/login_command.rb
@@ -5,10 +5,10 @@ class LoginCommand
   def run(context)
     user = @users.find_by(email: context.params[:email])
+    return nil unless user
+
     if user && (user_session = user.login(context.params[:password]))
       user_session.access(context.request)
-    else
-      raise "heck"
     end
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 5f58b0c..75c66c0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -6,10 +6,6 @@ class User < ActiveRecord::Base
   has_secure_password
 
   def login(password)
-    if authenticate(password)
-      sessions.build
-    else
-      raise 'heck'
-    end
+    sessions.build if authenticate(password)
   end
 end
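Review bot: `create` no longer writes `session[:user_session_id]`, yet the `destroy` spec touched by this same commit still seeds the Rack session with `{ user_session_id: user_session.id }`, which suggests logout still resolves the session from there and will no longer find the one `create` issued; either have `destroy` look the session up from `cookies.signed[:raphael]` or keep writing the id here. The assignment-in-condition `if user_session = @login_command.run(self)` reads like a typo at a glance; `user_session = @login_command.run(self)` on its own line followed by `if user_session` says the same thing unambiguously. On the success path it is also worth calling `reset_session` before issuing the new cookie so any pre-login Rack session state is discarded rather than carried over. The closing lines of `create` are outside the hunk.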
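Review bot: With `return nil unless user` in place, the `user &&` guard on the following `if` is dead, and the body reduces to `user_session = user.login(context.params[:password])` / `user_session.access(context.request) if user_session`, which also removes the assignment-inside-condition. Note that the early return means an unknown email skips the password digest comparison in `User#login` while a wrong password pays for it, so response time now separates the two cases; if email enumeration is a concern for this app, perform a comparison against a fixed dummy digest on the not-found path as well. A comment above `def run(context)` such as `# @return [Hash, nil] cookie attributes for the new session (presumably a Hash, the spec reads result[:value]), or nil when the email is unknown or the password is wrong` would document the contract the new specs pin down. The whole of `run` is inside the hunk.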
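Review bot: `login` now quietly returns nil on a bad password where it used to raise, and nothing on the method says so; a `# @return [Session, nil] an unsaved session for this user when the password matches, nil otherwise` line above `def login(password)` would spare the next reader a trip to `has_secure_password`. `sessions.build` does not persist the record, so the caller is responsible for saving it; the controller spec in this commit reads `Session.last.id`, which implies `Session#access` does that, so it is worth confirming and stating in the same comment.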
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 9100777..b82b8a1 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -9,13 +9,7 @@ describe SessionsController do
   end
 
   describe "#create" do
-    let(:user) { double(id: 1, authenticate: false) }
-
-    before :each do
-      allow(User).to receive(:find_by).with(email: 'email@example.com').and_return(user)
-      allow(User).to receive(:find_by).with(email: 'unknown@example.com').and_return(nil)
-      allow(user).to receive(:authenticate).with('password').and_return(true)
-    end
+    let!(:user) { create(:user, password: 'password') }
 
     context "when the email and password is incorrect" do
       it "displays an error" do
@@ -34,21 +28,12 @@ describe SessionsController do
     end
 
     context "when the email and password is correct" do
-      before :each do
-        post :create, email: 'email@example.com', password: 'password'
-      end
+      before { post :create, email: user.email, password: 'password' }
 
       it "redirects to the dashboard" do
         expect(response).to redirect_to(root_path(anchor: ''))
       end
 
-      it "creates a new session" do
-        expect(session[:user_session_id]).to_not be_nil
-        last_session = Session.last
-        expect(session[:user_session_id]).to eql(last_session.id)
-        expect(last_session.ip_address).to eql("0.0.0.0")
-      end
-
       it 'assigns a session key to a secure cookie' do
         expect(cookies.signed[:raphael]).to eql(Session.last.id)
       end
@@ -56,7 +41,7 @@ describe SessionsController do
   end
 
   context "#destroy" do
-    let(:user_session) { Session.create! }
+    let(:user_session) { create(:session) }
 
     it "removes the current session" do
       delete :destroy, { id: 'mine' }, { user_session_id: user_session.id }
diff --git a/spec/models/services/login_command_spec.rb b/spec/models/services/login_command_spec.rb
index 0aa3e5a..a98898d 100644
--- a/spec/models/services/login_command_spec.rb
+++ b/spec/models/services/login_command_spec.rb
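Review bot: Deleting the "creates a new session" example in the second hunk also deletes the only assertion that a login records the request's IP (`expect(last_session.ip_address).to eql("0.0.0.0")`), and the surviving cookie example checks the id alone. If the IP is still meant to be captured, which the `remote_ip` stub in the login_command spec suggests, keep an example such as `expect(Session.last.ip_address).to eql('0.0.0.0')` under the correct-credentials context so a regression in `Session#access` is caught. The `describe "#create"` block continues past the hunk.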
@@ -5,15 +5,33 @@ describe LoginCommand do
   describe "#run" do
     let(:user) { create(:user) }
-    let(:web_context) { double(params: { email: user.email, password: 'password' }, request: web_request) }
     let(:web_request) { double(remote_ip: '192.168.0.1') }
+    let(:web_context) { double(params: params, request: web_request) }
 
     context "when the credentials are valid" do
+      let(:params) { { email: user.email, password: 'password' } }
+
       it 'returns a new user session' do
         result = subject.run(web_context)
         expect(result[:value]).to_not be_nil
         expect(result[:httponly]).to eql(true)
       end
     end
+    context "when the email is not known" do
+      let(:params) { { email: 'blah@example.com', password: 'password' } }
+      it 'returns nil' do
+        expect(subject.run(web_context)).to be_nil
+      end
+    end
+    context "when the password is incorrect" do
+      let(:params) { { email: user.email, password: 'wrong' } }
+      it 'returns nil' do
+        expect(subject.run(web_context)).to be_nil
+      end
+    end
   end
 end
-- cgit v1.2.3
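Review bot: The valid-credentials example asserts only that `result[:value]` is present and `httponly` is set; since the controller spec in this commit expects `cookies.signed[:raphael]` to equal `Session.last.id`, pin the value here with `expect(result[:value]).to eql(Session.last.id)`, and if `Session#access` sets it, assert `result[:secure]` as well so the "secure cookie" the specs name is actually covered rather than only its httponly flag. The two nil cases are the right additions for the new contract; their identical `it 'returns nil'` bodies could share one `shared_examples` block. The enclosing `describe LoginCommand` block closes within the hunk.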