[fix #4238] When the token does not exist, redirect to home page without sending a new link
This commit is contained in:
parent
7ffad1e6ae
commit
7b9b90a3e0
2 changed files with 16 additions and 2 deletions
|
@ -51,7 +51,11 @@ class Users::SessionsController < Devise::SessionsController
|
|||
.trusted_device_tokens
|
||||
.find_by(token: params[:jeton])
|
||||
|
||||
if trusted_device_token&.token_valid?
|
||||
if trusted_device_token.nil?
|
||||
flash[:alert] = 'Votre lien est invalide.'
|
||||
|
||||
redirect_to root_path
|
||||
elsif trusted_device_token.token_valid?
|
||||
trust_device(trusted_device_token.created_at)
|
||||
|
||||
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
|
||||
|
@ -67,7 +71,7 @@ class Users::SessionsController < Devise::SessionsController
|
|||
redirect_to new_user_session_path
|
||||
end
|
||||
else
|
||||
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
|
||||
flash[:alert] = 'Votre lien est expiré, un nouveau vient de vous être envoyé.'
|
||||
|
||||
send_login_token_or_bufferize(instructeur)
|
||||
redirect_to link_sent_path(email: instructeur.email)
|
||||
|
|
|
@ -165,6 +165,16 @@ describe Users::SessionsController, type: :controller do
|
|||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
|
||||
end
|
||||
|
||||
context 'when the token does not exist' do
|
||||
let(:jeton) { 'I do not exist' }
|
||||
|
||||
it { is_expected.to redirect_to root_path }
|
||||
it { expect(controller.current_instructeur).to be_nil }
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
it { expect(controller).not_to have_received(:send_login_token_or_bufferize) }
|
||||
it { expect(flash.alert).to eq('Votre lien est invalide.') }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the instructeur is logged in' do
|
||||
|
|
Loading…
Reference in a new issue