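# Session-based sign-in and sign-out.
class SessionsController < ApplicationController
  # Renders the sign-in form.
  def new
  end

  # Checks the submitted email/password pair and, on success, stores the
  # user's id in a fresh session.
  #
  # An unknown email and a wrong password both fall into the same `else`
  # branch and get the same response, so the reply does not show which
  # addresses have accounts.
  def create
    reset_session # prevents session fixation

    # `find` looks up by primary key and raises ActiveRecord::RecordNotFound
    # on a miss, so an unknown email never reached the failure branch below
    # and produced a different response from a wrong password. `find_by`
    # returns nil instead, which the `try` call is written to expect.
    # `to_s` forces a scalar so a nested (hash/array) parameter cannot be
    # passed through as a query condition.
    @user = User.find_by(email: params[:email].to_s)

    if @user.try(:authenticate, params[:password])
      session[:user_id] = @user.id
      redirect_to root_path
    else
      # NOTE(review): status kept as :not_found for compatibility with
      # existing clients; :unauthorized or :unprocessable_entity is the more
      # usual answer to a failed sign-in.
      # NOTE(review): when the email is unknown, `authenticate` is never
      # called, so the two failure cases may still differ in response time.
      # Confirm whether that matters for this application.
      render :new, status: :not_found
    end
  end

  # Ends the session by discarding all session data, then returns to the
  # root page.
  def destroy
    reset_session
    redirect_to root_path
  end
end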
- require 'rails_helper'
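# Feature spec: after signing out, the user is no longer treated as signed in
# and cannot reach the members-only area.
RSpec.feature "User Authentiation" do
  context "signing out" do
    let(:user) { FactoryGirl.create(:user) }

    # Each scenario starts from a browser session that has signed in through
    # the form and then signed out again.
    before do
      visit new_session_path
      fill_in :email, with: user.email
      # Originally `fill_in :password: with: ...`, which does not parse.
      fill_in :password, with: user.password
      click_button 'Log in'
      click_button 'Log out'
    end

    scenario 'user should not be signed in' do
      expect(page).to have_link 'Sign in'
      expect(page).to_not have_link 'Sign Out'
      # The sign-out control used in `before` is a button labelled 'Log out',
      # so the link check above cannot fail on its own. Also assert that the
      # button is gone.
      expect(page).to_not have_button 'Log out'
    end

    # Access control must hold after sign-out, not just the navigation links.
    scenario 'user should not be able to access the member area' do
      visit '/members-only'
      expect(current_path).to_not eq '/members-only'
      expect(page).to have_text 'Please sign in'
    end
  end

  # ...
end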