From aba11e35fa483ae72203854e323445e8330ed71b Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 16 Oct 2017 15:46:07 +0200 Subject: fix: login error message with locale set On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805 --- app/controllers/application_controller.rb | 2 +- test/integration/browser/account_livecycle_test.rb | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1f37fea..d3cfc2b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -99,7 +99,7 @@ class ApplicationController < ActionController::Base # # URL paths for which we don't enforce the locale as the prefix of the path. # - NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+)($|\/)/ + NON_LOCALE_PATHS = /^\/(assets|webfinger|.well-known|rails|key|[0-9]+|new)($|\/)/ # # For some requests, we ignore locale determination. diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb index cfab444..68775d3 100644 --- a/test/integration/browser/account_livecycle_test.rb +++ b/test/integration/browser/account_livecycle_test.rb @@ -63,6 +63,16 @@ class AccountLivecycleTest < BrowserIntegrationTest assert_invalid_login(page) end + test "failed login with locale" do + page.driver.add_header 'Accept-Language', 'de' + visit '/' + click_on 'Anmelden' + fill_in 'Nutzername', with: 'username' + fill_in 'Password', with: 'falsches password' + click_on 'Session erstellen' + assert_invalid_login(page, locale: :de) + end + test "account destruction" do username, password = submit_signup @@ -115,9 +125,10 @@ class AccountLivecycleTest < BrowserIntegrationTest click_on 'Log In' end - def assert_invalid_login(page) + def assert_invalid_login(page, locale: nil) assert page.has_selector? '.btn-primary.disabled' - assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: []) + message = I18n.t :invalid_user_pass, locale: locale + assert page.has_content? sanitize(message, tags: []) assert page.has_no_selector? '.btn-primary.disabled' end -- cgit v1.2.3