require 'spec_helper'

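# Controller specs for Clearance::SessionsController: rendering the sign-in
# form, signing in (with and without a stored return URL) and signing out.
describe Clearance::SessionsController do
  it { should be_a Clearance::BaseController }

  # The sign-in form renders without any flash message.
  describe 'on GET to /sessions/new' do
    before { get :new }

    it { should respond_with(:success) }
    it { should render_template(:new) }
    it { should_not set_the_flash }
  end

  # A user built by the :user_with_optional_password factory must not be able
  # to sign in with that factory's email/password pair: the form is rendered
  # again with the failure flash.
  # NOTE(review): presumably the factory leaves the password blank; confirm
  # against the factory definition.
  context 'when password is optional' do
    describe 'POST create' do
      it 'renders the page with error' do
        user = create(:user_with_optional_password)

        post :create, session: { email: user.email, password: user.password }

        expect(response).to render_template(:new)
        # \A anchors at the start of the whole string; ^ would also match at
        # the start of any later line of a multi-line flash.
        expect(flash[:notice]).to match(/\ABad email or password/)
      end
    end
  end

  # Successful sign-in: the user becomes current_user and the stored
  # remember token is left as it was.
  describe 'on POST to #create with good credentials' do
    before do
      @user = create(:user)
      # Pin a known token value so the examples can compare against it.
      @user.update_attribute :remember_token, 'old-token'
      post :create, session: { email: @user.email, password: @user.password }
    end

    it { should redirect_to_url_after_create }

    it 'sets the user in the clearance session' do
      controller.current_user.should == @user
    end

    it 'should not change the remember token' do
      @user.reload.remember_token.should == 'old-token'
    end
  end

  # Successful sign-in with session[:return_to] set redirects to that value.
  # Only a same-site relative path is exercised here; this spec says nothing
  # about how absolute or off-site return_to values are treated.
  describe 'on POST to #create with good credentials and a session return url' do
    before do
      @user = create(:user)
      @return_url = '/url_in_the_session?foo=bar'
      @request.session[:return_to] = @return_url
      post :create, session: { email: @user.email, password: @user.password }
    end

    it 'redirects to the return URL' do
      should redirect_to(@return_url)
    end
  end

  # Signing out while already signed out still redirects.
  describe 'on DELETE to #destroy given a signed out user' do
    before do
      sign_out
      delete :destroy
    end

    it { should redirect_to_url_after_destroy }
  end

  # Signing out with a remember_token cookie: the stored token must change,
  # so the value carried by the old cookie no longer equals the user's
  # token, and current_user is cleared.
  describe 'on DELETE to #destroy with a cookie' do
    before do
      @user = create(:user)
      @user.update_attribute :remember_token, 'old-token'
      @request.cookies['remember_token'] = 'old-token'
      delete :destroy
    end

    it { should redirect_to_url_after_destroy }

    it 'should reset the remember token' do
      @user.reload.remember_token.should_not == 'old-token'
    end

    it 'should unset the current user' do
      # Use the same controller accessor as the sign-in example above.
      controller.current_user.should be_nil
    end
  end
end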