User cannot access sign up and similar pages if he is already signed in through a cookie or token, closes #1036.
This commit is contained in:
parent
a59410a254
commit
4fd866d113
|
@ -3,6 +3,7 @@
|
|||
|
||||
* bug fix
|
||||
* password_required? should not affect length validation
|
||||
* User cannot access sign up and similar pages if he is already signed in through a cookie or token
|
||||
|
||||
== 1.3.3
|
||||
|
||||
|
|
|
@ -43,6 +43,9 @@ module Devise
|
|||
STRATEGIES = ActiveSupport::OrderedHash.new
|
||||
URL_HELPERS = ActiveSupport::OrderedHash.new
|
||||
|
||||
# Strategies that do not require user input.
|
||||
NO_INPUT = []
|
||||
|
||||
# True values used to check params
|
||||
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
|
||||
|
||||
|
@ -293,13 +296,17 @@ module Devise
|
|||
options.assert_valid_keys(:strategy, :model, :controller, :route)
|
||||
|
||||
if strategy = options[:strategy]
|
||||
STRATEGIES[module_name] = (strategy == true ? module_name : strategy)
|
||||
strategy = (strategy == true ? module_name : strategy)
|
||||
STRATEGIES[module_name] = strategy
|
||||
end
|
||||
|
||||
if controller = options[:controller]
|
||||
CONTROLLERS[module_name] = (controller == true ? module_name : controller)
|
||||
controller = (controller == true ? module_name : controller)
|
||||
CONTROLLERS[module_name] = controller
|
||||
end
|
||||
|
||||
NO_INPUT << strategy if strategy && controller != :sessions
|
||||
|
||||
if route = options[:route]
|
||||
case route
|
||||
when TrueClass
|
||||
|
|
|
@ -91,7 +91,8 @@ MESSAGE
|
|||
# Example:
|
||||
# before_filter :require_no_authentication, :only => :new
|
||||
def require_no_authentication
|
||||
if warden.authenticated?(resource_name)
|
||||
args = devise_mapping.no_input_strategies.dup.push :scope => resource_name
|
||||
if warden.authenticate?(*args)
|
||||
resource = warden.user(resource_name)
|
||||
flash[:alert] = I18n.t("devise.failure.already_authenticated")
|
||||
redirect_to after_sign_in_path_for(resource)
|
||||
|
|
|
@ -85,6 +85,10 @@ module Devise
|
|||
@strategies ||= STRATEGIES.values_at(*self.modules).compact.uniq.reverse
|
||||
end
|
||||
|
||||
def no_input_strategies
|
||||
self.strategies & Devise::NO_INPUT
|
||||
end
|
||||
|
||||
def routes
|
||||
@routes ||= ROUTES.values_at(*self.modules).compact.uniq
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ Devise.with_options :model => true do |d|
|
|||
d.with_options :strategy => true do |s|
|
||||
routes = [nil, :new, :destroy]
|
||||
s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
|
||||
s.add_module :token_authenticatable, :controller => :sessions, :route => { :session => routes }
|
||||
s.add_module :token_authenticatable
|
||||
s.add_module :rememberable
|
||||
end
|
||||
|
||||
|
|
|
@ -39,14 +39,14 @@ class HelpersTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
test 'require no authentication tests current mapping' do
|
||||
@mock_warden.expects(:authenticated?).with(:user).returns(true)
|
||||
@mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true)
|
||||
@mock_warden.expects(:user).with(:user).returns(User.new)
|
||||
@controller.expects(:redirect_to).with(root_path)
|
||||
@controller.send :require_no_authentication
|
||||
end
|
||||
|
||||
test 'require no authentication sets a flash message' do
|
||||
@mock_warden.expects(:authenticated?).with(:user).returns(true)
|
||||
@mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true)
|
||||
@mock_warden.expects(:user).with(:user).returns(User.new)
|
||||
@controller.expects(:redirect_to).with(root_path)
|
||||
@controller.send :require_no_authentication
|
||||
|
|
|
@ -72,6 +72,13 @@ class RememberMeTest < ActionController::IntegrationTest
|
|||
assert_match /remember_user_token[^\n]*HttpOnly\n/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
|
||||
end
|
||||
|
||||
test 'remember the user before sign up and redirect him to his home' do
|
||||
user = create_user_and_remember
|
||||
get new_user_registration_path
|
||||
assert warden.authenticated?(:user)
|
||||
assert_redirected_to root_path
|
||||
end
|
||||
|
||||
test 'cookies are destroyed on unverified requests' do
|
||||
swap ApplicationController, :allow_forgery_protection => true do
|
||||
user = create_user_and_remember
|
||||
|
|
|
@ -50,6 +50,11 @@ class MappingTest < ActiveSupport::TestCase
|
|||
assert_equal [:rememberable, :database_authenticatable], Devise.mappings[:admin].strategies
|
||||
end
|
||||
|
||||
test 'has no input strategies depending on the model declaration' do
|
||||
assert_equal [:rememberable, :token_authenticatable], Devise.mappings[:user].no_input_strategies
|
||||
assert_equal [:rememberable], Devise.mappings[:admin].no_input_strategies
|
||||
end
|
||||
|
||||
test 'find scope for a given object' do
|
||||
assert_equal :user, Devise::Mapping.find_scope!(User)
|
||||
assert_equal :user, Devise::Mapping.find_scope!(:user)
|
||||
|
|
Loading…
Reference in New Issue