From e915e1090d2b5a17a0dcde8b11a63d11565c62a7 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 4 Sep 2013 09:48:30 +0200 Subject: fix login form - use api session url There's no non api sessions resource anymore. --- users/app/views/sessions/new.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users') diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index c915968..0939e00 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml @@ -2,7 +2,7 @@ .span9 = render :partial => 'users/warnings' %h2=t :login - = simple_form_for @session, :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + = simple_form_for [:api, @session], :validate => true, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| = f.input :login, :required => false, :label => t(:username), :input_html => { :id => :srp_username } = f.input :password, :required => false, :input_html => { :id => :srp_password } .form-actions -- cgit v1.2.3 From c08a5331347571d7a0a7da5629a16e394da18716 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 4 Sep 2013 10:46:15 +0200 Subject: use /login instead of /sessions/new and test successful login --- users/test/integration/browser/account_test.rb | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'users') diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb index 8b214a4..a5ec2c5 100644 --- a/users/test/integration/browser/account_test.rb +++ b/users/test/integration/browser/account_test.rb @@ -18,10 +18,20 @@ class AccountTest < BrowserIntegrationTest user.destroy end + test "successful login" do + username, password = submit_signup + click_on 'Logout' + click_on 'Log In' + fill_in 'Username', with: username + fill_in 'Password', with: password + click_on 'Log In' + assert page.has_content?("Welcome #{username}") + end + # trying to seed an invalid A for srp login test "detects attempt to circumvent SRP" do user = FactoryGirl.create :user - visit '/sessions/new' + visit '/login' fill_in 'Username', with: user.login fill_in 'Password', with: "password" inject_malicious_js -- cgit v1.2.3