Commit 403fa5effb8154d7ed342c152507d1641eb145a1

Authored by Antonio Terceiro
1 parent 43c3c5f7

ActionItem618: redirecting to login before giving "access denied"

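--- a/app/controllers/my_profile_controller.rb
+++ b/app/controllers/my_profile_controller.rb
@@ -4,6 +4,8 @@ class MyProfileController < ApplicationController
 
 require_ssl
 
+before_filter :login_required
+
 # declares that the controller needs an specific type of profile. Example:
 #
 # class PersonDetailControlles < ProfileAdminController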
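--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -86,7 +86,7 @@ module AuthenticatedSystem
 # Redirect to the URI stored by the most recent store_location call or
 # to the passed default.
 def redirect_back_or_default(default)
-session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
+session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
 session[:return_to] = nil
 end
 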
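Review bot: `session[:return_to]` is passed to `redirect_to` without any check on its form in the changed line of `redirect_back_or_default`. The value is written by `store_location`, which is outside this hunk; if it can ever hold an absolute or protocol-relative URL, the post-login redirect would act as an open redirect. Restricting the target to a same-site path closes that, for example `return_to = session[:return_to]` followed by `redirect_to(return_to =~ %r{\A/(?!/)} ? return_to : default)`. The method comment could also state that only local paths are followed, e.g. `# Only same-site paths from session[:return_to] are followed; anything else falls back to default.`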
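--- a/test/integration/login_to_the_application_test.rb
+++ b/test/integration/login_to_the_application_test.rb
@@ -18,4 +18,15 @@ class LoginToTheApplicationTest &lt; ActionController::IntegrationTest
 
 end
 
+def test_unauthenticated_user_tries_to_access_his_control_panel
+Environment.any_instance.stubs(:disable_ssl).returns(true) # ignore SSL for this test
+
+get '/myprofile/ze'
+assert_redirected_to '/account/login'
+
+post '/account/login', :user => { :login => 'ze', :password => "test" }
+
+assert_redirected_to '/myprofile/ze'
+end
+
 end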
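Review bot: The new test asserts only the successful login path, so nothing pins what happens to the stored return location when authentication fails. A companion test that sends `post '/account/login', :user => { :login => 'ze', :password => 'wrong' }` after the initial `get '/myprofile/ze'`, and asserts that the response is not a redirect to `/myprofile/ze`, would catch a regression where the return location is followed without a valid login. Because `disable_ssl` is stubbed to true, the test also does not exercise the controller's `require_ssl`, so the HTTPS requirement on this path stays uncovered here. The test class body starts outside this hunk.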