diff options
author | Azul <azul@riseup.net> | 2017-10-16 15:46:07 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2017-10-16 15:47:39 +0200 |
commit | aba11e35fa483ae72203854e323445e8330ed71b (patch) | |
tree | b903a3f85193675596a611e396a3c0322d4b0302 | |
parent | 35b710c968d6e71e4d4210dbc2e00abc6f14f513 (diff) |
fix: login error message with locale set
On a failed login the warden failure app gets called.
Some of the params are changed accordingly but controller
and action remain.
set_locale would detect there was no locale in the path
and thus attempt to redirect. However the params still
belong to the previous request which was a POST to
Api::SessionsController.
This route does not respond to get requests and so it
would trigger a 404 in production and a 500 in development.
This commit prevents set_locale to act upon warden failure
app controller calls by adding /new to the list of
`NON_LOCALE_PATHS`. (The path is updated by warden to the
name of the action called in the failure app).
A test is included in this commit that tries to login
with an invalid username, password combination and a german
locale set.
fixes #8805
-rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | test/integration/browser/account_livecycle_test.rb | 15 |
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1f37fea..d3cfc2b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -99,7 +99,7 @@ class ApplicationController < ActionController::Base # # URL paths for which we don't enforce the locale as the prefix of the path. # - NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+)($|\/)/ + NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+|new)($|\/)/ # # For some requests, we ignore locale determination. diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb index cfab444..68775d3 100644 --- a/test/integration/browser/account_livecycle_test.rb +++ b/test/integration/browser/account_livecycle_test.rb @@ -63,6 +63,16 @@ class AccountLivecycleTest < BrowserIntegrationTest assert_invalid_login(page) end + test "failed login with locale" do + page.driver.add_header 'Accept-Language', 'de' + visit '/' + click_on 'Anmelden' + fill_in 'Nutzername', with: 'username' + fill_in 'Password', with: 'falsches password' + click_on 'Session erstellen' + assert_invalid_login(page, locale: :de) + end + test "account destruction" do username, password = submit_signup @@ -115,9 +125,10 @@ class AccountLivecycleTest < BrowserIntegrationTest click_on 'Log In' end - def assert_invalid_login(page) + def assert_invalid_login(page, locale: nil) assert page.has_selector? '.btn-primary.disabled' - assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: []) + message = I18n.t :invalid_user_pass, locale: locale + assert page.has_content? sanitize(message, tags: []) assert page.has_no_selector? '.btn-primary.disabled' end |