authorAzul <azul@leap.se>2013-04-02 16:56:11 +0200
committerAzul <azul@leap.se>2013-04-02 16:56:11 +0200
commitd781dbdd61d1d24ec4828859a28815b55310154d (patch)
tree1e2deca8e62aa804b2babe38f9780089c88f38ff
parent62c48c5a14ea0c1221216c3e40eb82ef594f2771 (diff)
send more meaningful error message on completely failed login attempt
-rw-r--r--users/app/controllers/controller_extension/authentication.rb16
-rw-r--r--users/config/locales/en.yml1
-rw-r--r--users/test/functional/sessions_controller_test.rb11
-rw-r--r--users/test/functional/v1/sessions_controller_test.rb16
-rw-r--r--users/test/integration/api/account_flow_test.rb6
-rw-r--r--users/test/integration/api/login_test.rb25
6 files changed, 54 insertions, 21 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index f2184d9..f0a6564 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -8,13 +8,27 @@ module ControllerExtension::Authentication
end
def authentication_errors
- return unless errors = warden.winning_strategy.try(:message)
+ return unless attempted_login?
+ errors = get_warden_errors
errors.inject({}) do |translated,err|
translated[err.first] = I18n.t(err.last)
translated
end
end
+ def get_warden_errors
+ if strategy = warden.winning_strategy
+ strategy.message
+ else
+ { login: :all_strategies_failed }
+ end
+ end
+
+ def attempted_login?
+ request.env['warden.options'] &&
+ request.env['warden.options'][:attempted_path]
+ end
+
def logged_in?
!!current_user
end
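Review bot: `get_warden_errors` and `attempted_login?` are added as public methods of a module that is included into controllers, so unless a `private` marker precedes them outside this hunk they may be picked up as action methods; putting both under `private` keeps them internal, and `get_warden_errors` is better named `warden_errors` (Ruby convention drops the `get_` prefix). `attempted_login?` also returns the `:attempted_path` string rather than a boolean, which is surprising for a predicate; `!!(request.env['warden.options'] && request.env['warden.options'][:attempted_path])` makes it honest without changing how `authentication_errors` uses it. A short comment on `get_warden_errors` such as `# No strategy ran to completion: the client never sent the two-step SRP exchange in one session` would record why the fallback key exists. The enclosing module continues outside the hunk.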
diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml
index 9e7d4b2..2077858 100644
--- a/users/config/locales/en.yml
+++ b/users/config/locales/en.yml
@@ -6,6 +6,7 @@ en:
login: "Login"
login_message: "Please login with your account."
invalid_user_pass: "Not a valid username/password combination"
+ all_strategies_failed: "Could not understand your login attempt. Please first send your login and a SRP ephemeral value A and then send the client_auth in the same session (using cookies)."
update_login_and_password: "Update Login and Password"
cancel_account: "Cancel your account"
remove_account: "Remove Account"
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index f99c0d7..b22c3a3 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -11,7 +11,6 @@ class SessionsControllerTest < ActionController::TestCase
end
test "should get login screen" do
- request.env['warden'].expects(:winning_strategy)
get :new
assert_response :success
assert_equal "text/html", response.content_type
@@ -19,13 +18,13 @@ class SessionsControllerTest < ActionController::TestCase
end
test "renders json" do
- request.env['warden'].expects(:winning_strategy)
get :new, :format => :json
assert_response :success
assert_json_error nil
end
test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'}
strategy = stub :message => {:field => :translate_me}
request.env['warden'].stubs(:winning_strategy).returns(strategy)
I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
@@ -34,6 +33,14 @@ class SessionsControllerTest < ActionController::TestCase
assert_json_error :field => "translation stub"
end
+ test "renders failed attempt message" do
+ request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'}
+ request.env['warden'].stubs(:winning_strategy).returns(nil)
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :login => I18n.t(:all_strategies_failed)
+ end
+
# Warden takes care of parsing the params and
# rendering the response. So not much to test here.
test "should perform handshake" do
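Review bot: The assertion in "renders failed attempt message" computes its expected value with the same `I18n.t(:all_strategies_failed)` call the controller makes, so if the key is missing or renamed both sides yield "translation missing: …" and the test still passes; the same pattern appears in login_test.rb (`assert_json_error login: I18n.t(:all_strategies_failed)`). The sibling test "renders warden errors" already shows the sturdier shape: `I18n.expects(:t).with(:all_strategies_failed).at_least_once.returns("translation stub")` followed by `assert_json_error :login => "translation stub"`. The test class continues outside the hunk.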
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index 535da52..1226c9d 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -11,22 +11,6 @@ class V1::SessionsControllerTest < ActionController::TestCase
@client_hex = 'a123'
end
- test "renders json" do
- request.env['warden'].expects(:winning_strategy)
- get :new, :format => :json
- assert_response :success
- assert_json_error nil
- end
-
- test "renders warden errors" do
- strategy = stub :message => {:field => :translate_me}
- request.env['warden'].stubs(:winning_strategy).returns(strategy)
- I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
- get :new, :format => :json
- assert_response 422
- assert_json_error :field => "translation stub"
- end
-
# Warden takes care of parsing the params and
# rendering the response. So not much to test here.
test "should perform handshake" do
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e618541..d1a97e9 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -75,7 +75,8 @@ class AccountFlowTest < ActiveSupport::TestCase
test "signup and wrong password login attempt" do
srp = SRP::Client.new @login, :password => "wrong password"
server_auth = srp.authenticate(self)
- assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"})
+ assert_json_error login: "Not a valid username/password combination",
+ password: "Not a valid username/password combination"
assert !last_response.successful?
assert_nil server_auth["M2"]
end
@@ -86,7 +87,8 @@ class AccountFlowTest < ActiveSupport::TestCase
assert_raises RECORD_NOT_FOUND do
server_auth = srp.authenticate(self)
end
- assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"})
+ assert_json_error login: "Not a valid username/password combination",
+ password: "Not a valid username/password combination"
assert !last_response.successful?
assert_nil server_auth
end
diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb
new file mode 100644
index 0000000..ba82c8e
--- /dev/null
+++ b/users/test/integration/api/login_test.rb
@@ -0,0 +1,25 @@
+require 'test_helper'
+
+CONFIG_RU = (Rails.root + 'config.ru').to_s
+OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+class AccountFlowTest < ActiveSupport::TestCase
+ include Rack::Test::Methods
+ include Warden::Test::Helpers
+ include LeapWebCore::AssertResponses
+
+ def app
+ OUTER_APP
+ end
+
+ def setup
+ @login = "integration_test_user"
+ end
+
+ test "require json requests" do
+ put "http://api.lvh.me:3000/1/sessions/" + @login,
+ :client_auth => "This is not a valid login anyway"
+ assert_json_error login: I18n.t(:all_strategies_failed)
+ end
+
+end
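Review bot: The new file declares `class AccountFlowTest < ActiveSupport::TestCase`, the same class name account_flow_test.rb uses (visible in its hunk header), so when both files load this one reopens that class and its `setup` and `app` definitions replace the other file's; `class LoginTest < ActiveSupport::TestCase` avoids the collision. If account_flow_test.rb also defines the top-level `CONFIG_RU`/`OUTER_APP` constants, Ruby will additionally warn about constant reassignment, which suggests moving them into a shared helper. The test name "require json requests" does not describe what is asserted — the `all_strategies_failed` error for a `client_auth` sent without a preceding handshake — so a name like `"rejects client_auth without prior handshake"` would be clearer, and the absolute `http://api.lvh.me:3000` URL ties the test to one host and port.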