[fix #4238] When the token does not exist, redirect to home page without sending a new link

This commit is contained in:
simon lehericey 2019-08-27 10:21:06 +02:00
parent 7ffad1e6ae
commit 7b9b90a3e0
2 changed files with 16 additions and 2 deletions

View file

@ -51,7 +51,11 @@ class Users::SessionsController < Devise::SessionsController
.trusted_device_tokens
.find_by(token: params[:jeton])
if trusted_device_token&.token_valid?
if trusted_device_token.nil?
flash[:alert] = 'Votre lien est invalide.'
redirect_to root_path
elsif trusted_device_token.token_valid?
trust_device(trusted_device_token.created_at)
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
@ -67,7 +71,7 @@ class Users::SessionsController < Devise::SessionsController
redirect_to new_user_session_path
end
else
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
flash[:alert] = 'Votre lien est expiré, un nouveau vient de vous être envoyé.'
send_login_token_or_bufferize(instructeur)
redirect_to link_sent_path(email: instructeur.email)

View file

@ -165,6 +165,16 @@ describe Users::SessionsController, type: :controller do
it { expect(controller).not_to have_received(:trust_device) }
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
end
context 'when the token does not exist' do
let(:jeton) { 'I do not exist' }
it { is_expected.to redirect_to root_path }
it { expect(controller.current_instructeur).to be_nil }
it { expect(controller).not_to have_received(:trust_device) }
it { expect(controller).not_to have_received(:send_login_token_or_bufferize) }
it { expect(flash.alert).to eq('Votre lien est invalide.') }
end
end
context 'when the instructeur is logged in' do