From aba11e35fa483ae72203854e323445e8330ed71b Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Mon, 16 Oct 2017 15:46:07 +0200
Subject: fix: login error message with locale set

On a failed login the warden failure app gets called.
Some of the params are changed accordingly but controller
and action remain.
set_locale would detect there was no locale in the path
and thus attempt to redirect. However the params still
belong to the previous request which was a POST to
  Api::SessionsController.
This route does not respond to get requests and so it
would trigger a 404 in production and a 500 in development.

This commit prevents set_locale from acting upon warden failure
app controller calls by adding /new to the list of
`NON_LOCALE_PATHS`. (The path is updated by warden to the
name of the action called in the failure app).

A test is included in this commit that tries to login
with an invalid username, password combination and a german
locale set.

fixes #8805
---
 app/controllers/application_controller.rb          |  2 +-
 test/integration/browser/account_livecycle_test.rb | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1f37fea..d3cfc2b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -99,7 +99,7 @@ class ApplicationController < ActionController::Base
   #
   # URL paths for which we don't enforce the locale as the prefix of the path.
   #
-  NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+)($|\/)/
+  NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+|new)($|\/)/
 
   #
   # For some requests, we ignore locale determination.
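Review bot: The added `new` alternative on the `NON_LOCALE_PATHS` line exempts every request whose path starts with `/new` from the locale redirect, not only the calls re-dispatched by the warden failure app, and the comment above the constant does not say why it is there. If the failure call can be recognised directly (warden normally sets `request.env['warden.options']` for it; confirm for this app), checking that in the locale filter would be narrower than a path match. At minimum I would add `# 'new': warden rewrites the path to the failure app action after a failed login (#8805)` above the constant. While this line is being touched, note that `^`/`$` match per line in Ruby and the `.` in `.well-known` matches any character, so `\A`, `\z` and `\.` would state the intent exactly.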
diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb
index cfab444..68775d3 100644
--- a/test/integration/browser/account_livecycle_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
@@ -63,6 +63,16 @@ class AccountLivecycleTest < BrowserIntegrationTest
     assert_invalid_login(page)
   end
 
+  test "failed login with locale" do
+    page.driver.add_header 'Accept-Language', 'de'
+    visit '/'
+    click_on 'Anmelden'
+    fill_in 'Nutzername', with: 'username'
+    fill_in 'Password', with: 'falsches password'
+    click_on 'Session erstellen'
+    assert_invalid_login(page, locale: :de)
+  end
+
   test "account destruction" do
     username, password = submit_signup
 
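Review bot: The new test hard-codes the German labels (`'Anmelden'`, `'Nutzername'`, `'Session erstellen'`), while the helper it calls resolves the expected message through `I18n.t ... locale:`. A wording change in the German translation would therefore fail this test for a reason unrelated to the login fix. `'Password'` is filled in untranslated, which suggests the form is only partly localized. Looking the labels up the same way, e.g. `click_on I18n.t(<login_link_key>, locale: :de)` with the app's real keys in place of the placeholder, would keep the test tied to behaviour rather than copy.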
@@ -115,9 +125,10 @@ class AccountLivecycleTest < BrowserIntegrationTest
     click_on 'Log In'
   end
 
-  def assert_invalid_login(page)
+  def assert_invalid_login(page, locale: nil)
     assert page.has_selector? '.btn-primary.disabled'
-    assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: [])
+    message = I18n.t :invalid_user_pass, locale: locale
+    assert page.has_content? sanitize(message, tags: [])
     assert page.has_no_selector? '.btn-primary.disabled'
   end
 
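Review bot: `assert_invalid_login` gains a `locale:` keyword with no comment on why the caller has to pass it or what the `nil` default means. The expected message is rendered in the test process, whose `I18n.locale` is presumably independent of the locale the app negotiated from `Accept-Language`, so the argument has to mirror the header set in the test. I would add above the method `# locale: locale the app is expected to answer in; nil lets I18n.t fall back to the test process's I18n.locale`.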
-- 
cgit v1.2.3