
Fix some bugs in the authentication.

- Don't use flash to show errors on the direct response.
- Default email address in the session form after a failed login.
- Fix the formatting of a comment.
1 parent 443fa7a commit 4aea4fbc382b7431f666a66b8d4aeb10acce933f @Manfred Manfred committed Oct 29, 2009
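--- a/templates/app/controllers/sessions_controller.rb
+++ b/templates/app/controllers/sessions_controller.rb
@@ -13,7 +13,6 @@ def create
 finish_authentication_needed! || redirect_to(root_url)
 else
 still_authentication_needed!
- flash[:login_error] = @unauthenticated.errors.on(:base)
 render :new
 end
 end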
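--- a/templates/app/models/member/authentication.rb
+++ b/templates/app/models/member/authentication.rb
@@ -20,12 +20,13 @@ def self.hash_password(password)
 ::Digest::SHA1.hexdigest(password)
 end
- # Authenticates credentials. Takes a hash with a :email and :password, returns an instance of Member.
- # The Member has errors on base when the user isn't authenticated.
+ # Authenticates credentials. Takes a hash with a :email and :password,
+ # returns an instance of Member. The Member has errors on base when
+ # the user isn't authenticated.
 def self.authenticate(params={})
 unless member = find_by_email_and_hashed_password(params[:email], hash_password(params[:password]))
- member = Member.new
- member.errors.add_to_base("The username and/or email you entered is invalid. Please try again.")
+ member = Member.new(params.slice(:email, :password))
+ member.errors.add_to_base("The credentials you entered are invalid. Please try again.")
 member
 else
 member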
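Review bot: `Member.new(params.slice(:email, :password))` copies the submitted plaintext password onto the unsaved Member that the failed-login form is rendered from, although only the email has to be echoed back. What Member's password writer does is not visible here, but the new functional test only holds as long as the password input emits no `value`; `member = Member.new(params.slice(:email))` keeps the password out of the view layer regardless of which form helper is used. Separately, the context line `::Digest::SHA1.hexdigest(password)` is an unsalted, fast hash for stored passwords; it predates this commit but deserves a follow-up to a salted, deliberately slow password hash. The body of `authenticate` continues past the end of the hunk.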
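--- a/templates/app/views/sessions/_form.html.erb
+++ b/templates/app/views/sessions/_form.html.erb
@@ -1,8 +1,8 @@
 <% form_for(@unauthenticated || Member.new, :url => session_path) do |f| %>
 <h2><%=h @title = 'Log in' %></h2>
- <% if flash[:login_error] %>
- <div class="errorExplanation"><%= flash[:login_error] %></div>
+ <% if @unauthenticated.errors.on(:base) %>
+ <div class="errorExplanation"><%= @unauthenticated.errors.on(:base) %></div>
 <% end %>
 <div class="field">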
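Review bot: The new condition calls `@unauthenticated.errors` directly, while the `form_for(@unauthenticated || Member.new, ...)` line above it implies the variable can be nil, so rendering the form before any login attempt would presumably raise on nil unless the `new` action always assigns it. Guard it with `<% if @unauthenticated && @unauthenticated.errors.on(:base) %>`. The message is also printed with a bare `<%=` where the heading uses `<%=h`; it is a fixed string today, but `<%=h @unauthenticated.errors.on(:base) %>` keeps the output escaped if a later error message ever includes user input. The form block continues past the end of the hunk.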
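--- a/templates/test/functional/sessions_controller_test.rb
+++ b/templates/test/functional/sessions_controller_test.rb
@@ -34,13 +34,24 @@
 assert_select 'div.errorExplanation'
 end
+ it "should not default the wrong password in the form after a failed login" do
+ post :create, :member => valid_credentials.merge(:password => 'wrong')
+ assert_select 'input[id="member_password"]'
+ assert_select 'input[id="member_password"][value]', false
+ end
+
 it "should see an explanation when the email does not exist" do
 post :create, :member => valid_credentials.merge(:email => 'unknown@example.com')
 should.not.be.authenticated
 status.should.be :success
 assert_select 'div.errorExplanation'
 end
+ it "should default the email in the form after a failed login" do
+ post :create, :member => valid_credentials.merge(:email => 'unknown@example.com')
+ assert_select 'input[id="member_email"][value="unknown@example.com"]'
+ end
+
 it "should keep the url to return to if the password or email was wrong" do
 url = member_url(members(:adrian))
 post :create, { :member => valid_credentials.merge(:password => 'wrong') }, {}, { :after_authentication => { :redirect_to => url }}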
