-rw-r--r--app/controllers/sessions_controller.rb3
-rw-r--r--app/views/sessions/new.html.erb5
-rw-r--r--lib/authenticated_system.rb1
-rw-r--r--test/fixtures/users.yml8
-rw-r--r--test/functional/sessions_controller_test.rb50
5 files changed, 5 insertions, 62 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 7c06ac8..65e4ac3 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -19,8 +19,7 @@ class SessionsController < ApplicationController
19 flash[:notice] = "Logged in successfully" 19 flash[:notice] = "Logged in successfully"
20 else 20 else
21 note_failed_signin 21 note_failed_signin
22 @login = params[:login] 22 @login = params[:login]
23 @remember_me = params[:remember_me]
24 render :action => 'new' 23 render :action => 'new'
25 end 24 end
26 end 25 end
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 84f8469..3a27464 100644
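--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -7,10 +7,5 @@
 <p><%= label_tag 'password' %><br/>
 <%= password_field_tag 'password', nil %></p>
 
-<!-- Uncomment this if you want this functionality
-<p><%= label_tag 'remember_me', 'Remember me' %>
-<%= check_box_tag 'remember_me', '1', @remember_me %></p>
--->
-
 <p><%= submit_tag 'Log in' %></p>
 <% end -%>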
diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb
index 7b813f4..838b734 100644
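--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -112,7 +112,6 @@ module AuthenticatedSystem
  # Kill server-side auth cookie
  @current_user.forget_me if @current_user.is_a? User
  @current_user = false # not logged in, and don't do it for me
- kill_remember_cookie! # Kill client-side auth cookie
  session[:user_id] = nil # keeps the session but kill our variable
  # explicitly kill any other session variables you set
  end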
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 3abe206..a6570e0 100644
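--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -3,16 +3,16 @@ quentin:
  id: 1
  login: quentin
  email: quentin@example.com
- salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0')
- crypted_password: 89e27e324f2dee0fb72034631aa1bc3ca28ea574 # 'monkey'
+ salt: cf993996a70d31f924aff17a5f997722cb6ec2dd
+ crypted_password: 11c672158b0eb6e8c91c438b3eb844902308b138 # 'monkey'
  created_at: <%= 5.days.ago.to_s :db %>
 
 aaron:
  id: 2
  login: aaron
  email: aaron@example.com
- salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1')
- crypted_password: cf39f8e6972c25ac72ccc801cab755ef15bca09b # 'monkey'
+ salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005
+ crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey'
  created_at: <%= 1.days.ago.to_s :db %>
 
 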
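Review bot: The replacement `salt` values for quentin and aaron lose their provenance comments (`# SHA1('0')`, `# SHA1('1')`), and nothing in the fixture now says how the new `crypted_password` digests were derived from 'monkey'. Both digests changed together with the salts in a commit that otherwise only removes the remember-me feature, so the hashing inputs presumably differ from before; the code that produces them is not visible here. Recording the derivation next to each value, e.g. `# 'monkey', digested with the salt above by <digest method>`, would let the next maintainer regenerate the fixtures and confirm the stored format still matches what the login path expects. The 40-hex-character values are consistent with a SHA-1-sized digest, so it is also worth confirming against the model whether real passwords are stored with a deliberately slow password hash rather than in this form.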
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
index e53bcd8..6baff5c 100644
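--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@@ -29,54 +29,4 @@ class SessionsControllerTest < ActionController::TestCase
  assert_nil session[:user_id]
  assert_response :redirect
  end
-
- def test_should_remember_me
- @request.cookies["auth_token"] = nil
- post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
- assert_not_nil @response.cookies["auth_token"]
- end
-
- def test_should_not_remember_me
- @request.cookies["auth_token"] = nil
- post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
- puts @response.cookies["auth_token"]
- assert @response.cookies["auth_token"].blank?
- end
-
- def test_should_delete_token_on_logout
- login_as :quentin
- get :destroy
- assert @response.cookies["auth_token"].blank?
- end
-
- def test_should_login_with_cookie
- users(:quentin).remember_me
- @request.cookies["auth_token"] = cookie_for(:quentin)
- get :new
- assert @controller.send(:logged_in?)
- end
-
- def test_should_fail_expired_cookie_login
- users(:quentin).remember_me
- users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
- @request.cookies["auth_token"] = cookie_for(:quentin)
- get :new
- assert !@controller.send(:logged_in?)
- end
-
- def test_should_fail_cookie_login
- users(:quentin).remember_me
- @request.cookies["auth_token"] = auth_token('invalid_auth_token')
- get :new
- assert !@controller.send(:logged_in?)
- end
-
- protected
- def auth_token(token)
- CGI::Cookie.new('name' => 'auth_token', 'value' => token)
- end
-
- def cookie_for(user)
- auth_token users(user).remember_token
- end
 end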