Prevent unauthenticated users from signing up (#173)
* Prevent unauthenticated users from signing up

* Disable cop complaining about rspec idiom

Refer to rubocop/rubocop#4222

* Fix style violation

* Change authorization mc -> admin following UserController
indocomsoft committed Nov 14, 2018
1 parent 7f7f194 commit 892e17d
Showing 4 changed files with 118 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .rubocop.yml
@@ -16,6 +16,10 @@ AllCops:
- '**/Vagrantfile'
- 'vendor/**/*'

Lint/AmbiguousBlockAssociation:
Exclude:
- "spec/**/*"

Layout/EmptyLinesAroundArguments:
Enabled: false

16 changes: 16 additions & 0 deletions app/controllers/registrations_controller.rb
@@ -1,9 +1,17 @@
# frozen_string_literal: true

class RegistrationsController < Devise::RegistrationsController
# Required so that authenticated users can access this page
# instead of being redirected to new_user_session_path
skip_before_action :require_no_authentication

def new
ensure_admin || return
super
end

def create
ensure_admin || return
build_resource(sign_up_params)
resource.save
yield resource if block_given?
@@ -21,4 +29,12 @@ def after_inactive_sign_up_path_for(_resource)
def update_resource(resource, params)
resource.update_without_password(params)
end

private

def ensure_admin
redirect_to(new_user_session_path) && return unless user_signed_in?
redirect_to(users_path) && return unless current_user.has_role? :admin
true
end
end
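Review bot: The admin gate is called by hand as `ensure_admin || return` at the top of `new` and `create`, so it protects only the actions that remember to call it; the inherited `cancel` action is left without it, and `skip_before_action :require_no_authentication` has no `only:`, so that filter is dropped for `cancel` as well. Declaring the guard as a filter, `before_action :ensure_admin, only: %i[new create cancel]`, lets Rails halt the chain once the redirect is performed and fails closed if another sign-up action is overridden later. It also removes the dependence on `redirect_to` returning a truthy value for the `&& return` idiom inside `ensure_admin`. The body of `create` is collapsed between the two hunks, so the rest of that action is not reviewed here.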
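--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe RegistrationsController, type: :controller do
+before do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+describe 'GET #new' do
+context 'unauthenticated' do
+it do
+get(:new)
+should redirect_to new_user_session_path
+end
+end
+context 'normal user' do
+it do
+sign_in create(:user)
+get :new
+should redirect_to users_path
+end
+end
+context 'mc' do
+it do
+sign_in create(:user, mc: true)
+get :new
+should redirect_to users_path
+end
+end
+context 'admin' do
+it do
+user = create(:user)
+user.add_role(:admin)
+sign_in user
+get :new
+should respond_with :ok
+end
+end
+end
+
+describe 'POST #create' do
+before do
+@params = {
+user: {
+username: 'Asd', matric_num: 'A101010J', contact_num: '85851212',
+email: 'asd@example.com', cell: 'marketing', mc: false,
+password: '123456', password_confirmation: '123456'
+}
+}
+end
+
+context 'unauthenticated' do
+it do
+expect { post :create, params: @params }
+.to_not change { User.count }
+should redirect_to new_user_session_path
+end
+end
+context 'normal user' do
+it do
+sign_in create(:user)
+expect { post :create, params: @params }
+.to_not change { User.count }
+should redirect_to users_path
+end
+end
+context 'mc' do
+it do
+sign_in create(:user, mc: true)
+expect { post :create, params: @params }
+.to_not change { User.count }
+should redirect_to users_path
+end
+end
+context 'admin' do
+it do
+user = create(:user)
+user.add_role(:admin)
+sign_in user
+expect { post :create, params: @params }
+.to change { User.count }.by(1)
+should redirect_to users_path
+end
+end
+end
+
+describe 'after_sign_up_path_for' do
+it { expect(subject.after_sign_up_path_for(nil)).to eq(users_path) }
+end
+
+describe 'after_inactive_sign_up_path_for' do
+it {
+expect(subject.after_inactive_sign_up_path_for(nil)).to eq(users_path)
+}
+end
+end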
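Review bot: The admin example under `POST #create` pins the user count and the redirect but not who is signed in afterwards. Devise's stock `create` signs the new account in via `sign_up`; the overridden action's tail is collapsed on this page, so whether that call survives cannot be confirmed here, and a regression would silently swap the admin's session for the new user's. Adding `expect(controller.current_user).to eq(user)` after the `post` would pin that. The examples also never exercise `cancel`, which loses `require_no_authentication` through the unscoped skip in the controller.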
1 change: 1 addition & 0 deletions spec/rails_helper.rb
@@ -69,6 +69,7 @@
# arbitrary gems may also be filtered via:
# config.filter_gems_from_backtrace("gem name")
config.include Devise::Test::ControllerHelpers, type: :controller
config.include Devise::Test::ControllerHelpers, type: :view
end

Shoulda::Matchers.configure do |config|
