summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-10-16 15:46:07 +0200
committerAzul <azul@riseup.net>2017-10-16 15:47:39 +0200
commitaba11e35fa483ae72203854e323445e8330ed71b (patch)
treeb903a3f85193675596a611e396a3c0322d4b0302
parent35b710c968d6e71e4d4210dbc2e00abc6f14f513 (diff)
fix: login error message with locale set
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--test/integration/browser/account_livecycle_test.rb15
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1f37fea..d3cfc2b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -99,7 +99,7 @@ class ApplicationController < ActionController::Base
#
# URL paths for which we don't enforce the locale as the prefix of the path.
#
- NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+)($|\/)/
+ NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+|new)($|\/)/
#
# For some requests, we ignore locale determination.
diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb
index cfab444..68775d3 100644
--- a/test/integration/browser/account_livecycle_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
@@ -63,6 +63,16 @@ class AccountLivecycleTest < BrowserIntegrationTest
assert_invalid_login(page)
end
+ test "failed login with locale" do
+ page.driver.add_header 'Accept-Language', 'de'
+ visit '/'
+ click_on 'Anmelden'
+ fill_in 'Nutzername', with: 'username'
+ fill_in 'Password', with: 'falsches password'
+ click_on 'Session erstellen'
+ assert_invalid_login(page, locale: :de)
+ end
+
test "account destruction" do
username, password = submit_signup
@@ -115,9 +125,10 @@ class AccountLivecycleTest < BrowserIntegrationTest
click_on 'Log In'
end
- def assert_invalid_login(page)
+ def assert_invalid_login(page, locale: nil)
assert page.has_selector? '.btn-primary.disabled'
- assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: [])
+ message = I18n.t :invalid_user_pass, locale: locale
+ assert page.has_content? sanitize(message, tags: [])
assert page.has_no_selector? '.btn-primary.disabled'
end