quo_vadis 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +7 -0
- data/Gemfile +0 -3
- data/README.md +4 -5
- data/lib/quo_vadis/version.rb +1 -1
- data/quo_vadis.gemspec +5 -3
- data/test/dummy/README.markdown +1 -0
- data/test/dummy/Rakefile +3 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/articles_controller.rb +17 -0
- data/test/dummy/app/controllers/sign_ups_controller.rb +42 -0
- data/test/dummy/app/controllers/users_controller.rb +25 -0
- data/test/dummy/app/models/application_record.rb +3 -0
- data/test/dummy/app/models/article.rb +3 -0
- data/test/dummy/app/models/person.rb +6 -0
- data/test/dummy/app/models/user.rb +6 -0
- data/test/dummy/app/views/articles/also_secret.html.erb +1 -0
- data/test/dummy/app/views/articles/index.html.erb +1 -0
- data/test/dummy/app/views/articles/secret.html.erb +1 -0
- data/test/dummy/app/views/articles/very_secret.html.erb +2 -0
- data/test/dummy/app/views/layouts/application.html.erb +46 -0
- data/test/dummy/app/views/quo_vadis/confirmations/edit.html.erb +10 -0
- data/test/dummy/app/views/quo_vadis/confirmations/index.html.erb +5 -0
- data/test/dummy/app/views/quo_vadis/confirmations/new.html.erb +16 -0
- data/test/dummy/app/views/quo_vadis/logs/index.html.erb +28 -0
- data/test/dummy/app/views/quo_vadis/mailer/account_confirmation.text.erb +4 -0
- data/test/dummy/app/views/quo_vadis/mailer/email_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/identifier_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/password_change_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/password_reset_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/recovery_codes_generation_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/reset_password.text.erb +4 -0
- data/test/dummy/app/views/quo_vadis/mailer/totp_reuse_notification.text.erb +6 -0
- data/test/dummy/app/views/quo_vadis/mailer/totp_setup_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb +8 -0
- data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb +25 -0
- data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb +5 -0
- data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb +12 -0
- data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb +30 -0
- data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb +11 -0
- data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb +25 -0
- data/test/dummy/app/views/quo_vadis/sessions/index.html.erb +26 -0
- data/test/dummy/app/views/quo_vadis/sessions/new.html.erb +24 -0
- data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb +11 -0
- data/test/dummy/app/views/quo_vadis/totps/new.html.erb +17 -0
- data/test/dummy/app/views/quo_vadis/twofas/show.html.erb +20 -0
- data/test/dummy/app/views/sign_ups/new.html.erb +37 -0
- data/test/dummy/app/views/sign_ups/show.html.erb +5 -0
- data/test/dummy/app/views/users/new.html.erb +37 -0
- data/test/dummy/config.ru +7 -0
- data/test/dummy/config/application.rb +30 -0
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/database.yml +10 -0
- data/test/dummy/config/environment.rb +4 -0
- data/test/dummy/config/initializers/quo_vadis.rb +7 -0
- data/test/dummy/config/routes.rb +13 -0
- data/test/dummy/db/migrate/202102121932_create_users.rb +10 -0
- data/test/dummy/db/migrate/202102121935_create_people.rb +10 -0
- data/test/dummy/db/schema.rb +92 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/quo_vadis/mailer/account_confirmation.text +4 -0
- data/test/fixtures/quo_vadis/mailer/email_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/identifier_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/password_change_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/password_reset_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/recovery_codes_generation_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/reset_password.text +4 -0
- data/test/fixtures/quo_vadis/mailer/totp_reuse_notification.text +6 -0
- data/test/fixtures/quo_vadis/mailer/totp_setup_notification.text +8 -0
- data/test/fixtures/quo_vadis/mailer/twofa_deactivated_notification.text +8 -0
- data/test/integration/account_confirmation_test.rb +112 -0
- data/test/integration/controller_test.rb +280 -0
- data/test/integration/logging_test.rb +235 -0
- data/test/integration/password_change_test.rb +93 -0
- data/test/integration/password_login_test.rb +125 -0
- data/test/integration/password_reset_test.rb +136 -0
- data/test/integration/recovery_codes_test.rb +48 -0
- data/test/integration/sessions_test.rb +86 -0
- data/test/integration/sign_up_test.rb +35 -0
- data/test/integration/totps_test.rb +96 -0
- data/test/integration/twofa_test.rb +82 -0
- data/test/mailers/mailer_test.rb +200 -0
- data/test/models/account_test.rb +34 -0
- data/test/models/crypt_test.rb +22 -0
- data/test/models/log_test.rb +16 -0
- data/test/models/mask_ip_test.rb +27 -0
- data/test/models/model_test.rb +66 -0
- data/test/models/password_test.rb +163 -0
- data/test/models/recovery_code_test.rb +54 -0
- data/test/models/session_test.rb +67 -0
- data/test/models/token_test.rb +70 -0
- data/test/models/totp_test.rb +68 -0
- data/test/quo_vadis_test.rb +43 -0
- data/test/test_helper.rb +58 -0
- metadata +119 -4
- data/Gemfile.lock +0 -178
|
File without changes
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class AccountConfirmationTest < IntegrationTest
|
|
4
|
+
|
|
5
|
+
setup do
|
|
6
|
+
QuoVadis.accounts_require_confirmation true
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
test 'new signup requiring confirmation' do
|
|
11
|
+
assert_emails 1 do
|
|
12
|
+
post sign_ups_path(user: {name: 'Bob', email: 'bob@example.com', password: '123456789abc'})
|
|
13
|
+
end
|
|
14
|
+
refute QuoVadis::Account.last.confirmed?
|
|
15
|
+
|
|
16
|
+
# verify response
|
|
17
|
+
assert_response :redirect
|
|
18
|
+
follow_redirect!
|
|
19
|
+
assert_equal 'A link to confirm your account has been emailed to you.', flash[:notice]
|
|
20
|
+
|
|
21
|
+
# click link in email
|
|
22
|
+
url = extract_url_from_email
|
|
23
|
+
get url
|
|
24
|
+
assert_response :success
|
|
25
|
+
action_path = extract_path_from_email
|
|
26
|
+
assert_select "form[action='#{action_path}']"
|
|
27
|
+
|
|
28
|
+
# click button on confirmation page
|
|
29
|
+
put action_path
|
|
30
|
+
|
|
31
|
+
# verify logged in
|
|
32
|
+
assert_redirected_to '/articles/secret'
|
|
33
|
+
assert_equal 'Thanks for confirming your account. You are now logged in.', flash[:notice]
|
|
34
|
+
assert controller.logged_in?
|
|
35
|
+
assert QuoVadis::Account.last.confirmed?
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
test 'resend confirmation email: valid identifier' do
|
|
40
|
+
user = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
|
|
41
|
+
|
|
42
|
+
get quo_vadis.new_confirmation_path
|
|
43
|
+
assert_response :success
|
|
44
|
+
|
|
45
|
+
assert_emails 1 do
|
|
46
|
+
post quo_vadis.confirmations_path(email: 'bob@example.com')
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
assert_redirected_to '/confirmations'
|
|
50
|
+
assert_equal 'A link to confirm your account has been emailed to you.', flash[:notice]
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
test 'resend confirmation email: unknown identifier' do
|
|
55
|
+
assert_no_emails do
|
|
56
|
+
post quo_vadis.confirmations_path(email: 'bob@example.com')
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
assert_redirected_to quo_vadis.new_confirmation_path
|
|
60
|
+
assert_equal 'Sorry, your account could not be found. Please try again.', flash[:alert]
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
test 'reusing a token' do
|
|
65
|
+
assert_emails 1 do
|
|
66
|
+
post sign_ups_path(user: {name: 'Bob', email: 'bob@example.com', password: '123456789abc'})
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
put extract_path_from_email
|
|
70
|
+
|
|
71
|
+
assert_redirected_to '/articles/secret'
|
|
72
|
+
assert_equal 'Thanks for confirming your account. You are now logged in.', flash[:notice]
|
|
73
|
+
|
|
74
|
+
put extract_path_from_email
|
|
75
|
+
assert_redirected_to quo_vadis.new_confirmation_path
|
|
76
|
+
assert_equal 'Either the link has expired or your account has already been confirmed.', flash[:alert]
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
test 'token expired' do
|
|
81
|
+
assert_emails 1 do
|
|
82
|
+
post sign_ups_path(user: {name: 'Bob', email: 'bob@example.com', password: '123456789abc'})
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
travel QuoVadis.account_confirmation_token_lifetime + 1.minute
|
|
86
|
+
get extract_url_from_email
|
|
87
|
+
|
|
88
|
+
assert_redirected_to quo_vadis.new_confirmation_path
|
|
89
|
+
assert_equal 'Either the link has expired or your account has already been confirmed.', flash[:alert]
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
|
|
93
|
+
test 'accounts requiring confirmation cannot log in' do
|
|
94
|
+
user = User.create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
|
|
95
|
+
post quo_vadis.login_path(email: 'bob@example.com', password: '123456789abc')
|
|
96
|
+
assert_redirected_to quo_vadis.new_confirmation_path
|
|
97
|
+
assert_equal 'Please confirm your account first.', flash[:notice]
|
|
98
|
+
refute controller.logged_in?
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
|
|
102
|
+
private
|
|
103
|
+
|
|
104
|
+
def extract_url_from_email
|
|
105
|
+
ActionMailer::Base.deliveries.last.decoded[%r{^http://.*$}, 0]
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
def extract_path_from_email
|
|
109
|
+
extract_url_from_email.sub 'http://www.example.com', ''
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
end
|
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class ControllerTest < IntegrationTest
|
|
4
|
+
|
|
5
|
+
setup do
|
|
6
|
+
User.first_or_create! name: 'bob', email: 'bob@example.com', password: '123456789abc'
|
|
7
|
+
QuoVadis.two_factor_authentication_mandatory false
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
teardown do
|
|
12
|
+
QuoVadis.session_lifetime_extend_to_end_of_day false
|
|
13
|
+
QuoVadis.session_idle_timeout :lifetime
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
test 'require_authentication when not logged in' do
|
|
18
|
+
get secret_articles_path
|
|
19
|
+
|
|
20
|
+
assert_redirected_to quo_vadis.login_path
|
|
21
|
+
assert_equal 'Please log in first.', flash[:notice]
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
test 'require_authentication when logged in' do
|
|
26
|
+
login
|
|
27
|
+
get secret_articles_path
|
|
28
|
+
|
|
29
|
+
assert_response :success
|
|
30
|
+
assert_equal secret_articles_path, path
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
test 'require_authentication remembers original path' do
|
|
35
|
+
get also_secret_articles_path
|
|
36
|
+
assert_equal '/articles/also_secret', session[:qv_bookmark]
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
test 'require_two_factor_authentication when not logged in' do
|
|
41
|
+
QuoVadis.two_factor_authentication_mandatory true
|
|
42
|
+
get very_secret_articles_path
|
|
43
|
+
|
|
44
|
+
assert_redirected_to quo_vadis.login_path
|
|
45
|
+
assert_equal 'Please log in first.', flash[:notice]
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
test 'require_two_factor_authentication when logged in but second factor not required' do
|
|
50
|
+
QuoVadis.two_factor_authentication_mandatory false
|
|
51
|
+
login
|
|
52
|
+
get very_secret_articles_path
|
|
53
|
+
|
|
54
|
+
assert_response :success
|
|
55
|
+
assert_equal very_secret_articles_path, path
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
|
|
59
|
+
test 'require_two_factor_authentication when logged in and second factor required' do
|
|
60
|
+
QuoVadis.two_factor_authentication_mandatory true
|
|
61
|
+
login
|
|
62
|
+
get very_secret_articles_path
|
|
63
|
+
|
|
64
|
+
assert_redirected_to quo_vadis.challenge_totps_path
|
|
65
|
+
follow_redirect!
|
|
66
|
+
|
|
67
|
+
# This second redirect is part of the totps controller but I think
|
|
68
|
+
# it makes sense to test here.
|
|
69
|
+
assert_redirected_to quo_vadis.new_totp_path
|
|
70
|
+
assert_equal 'Please set up two factor authentication.', flash[:alert]
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
|
|
74
|
+
test 'require_two_factor_authentication when already authenticated with two factors' do
|
|
75
|
+
User.first.qv_account.create_totp! last_used_at: Time.now
|
|
76
|
+
QuoVadis.two_factor_authentication_mandatory true
|
|
77
|
+
login
|
|
78
|
+
QuoVadis::Session.last.authenticated_with_second_factor
|
|
79
|
+
|
|
80
|
+
get very_secret_articles_path
|
|
81
|
+
assert_equal very_secret_articles_path, path
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
|
|
85
|
+
test 'second_factor_required?' do
|
|
86
|
+
# 2FA optional, user has not set up 2nd factor
|
|
87
|
+
QuoVadis.two_factor_authentication_mandatory false
|
|
88
|
+
login
|
|
89
|
+
get articles_path
|
|
90
|
+
assert controller.logged_in?
|
|
91
|
+
refute controller.qv.second_factor_required?
|
|
92
|
+
|
|
93
|
+
# 2FA optional, user has set up 2nd factor
|
|
94
|
+
QuoVadis.two_factor_authentication_mandatory false
|
|
95
|
+
User.first.qv_account.create_totp! last_used_at: Time.now
|
|
96
|
+
login
|
|
97
|
+
get articles_path
|
|
98
|
+
assert controller.logged_in?
|
|
99
|
+
assert controller.qv.second_factor_required?
|
|
100
|
+
|
|
101
|
+
# 2FA mandatory
|
|
102
|
+
QuoVadis.two_factor_authentication_mandatory true
|
|
103
|
+
login
|
|
104
|
+
get articles_path
|
|
105
|
+
assert controller.logged_in?
|
|
106
|
+
assert controller.qv.second_factor_required?
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
|
|
110
|
+
test 'logged_in?' do
|
|
111
|
+
# not logged in
|
|
112
|
+
get articles_path
|
|
113
|
+
refute @controller.logged_in?
|
|
114
|
+
|
|
115
|
+
# logged in
|
|
116
|
+
login
|
|
117
|
+
get articles_path
|
|
118
|
+
assert @controller.logged_in?
|
|
119
|
+
|
|
120
|
+
# session remotely deleted
|
|
121
|
+
QuoVadis::Session.destroy jar.encrypted[QuoVadis.cookie_name]
|
|
122
|
+
get articles_path
|
|
123
|
+
refute @controller.logged_in?
|
|
124
|
+
|
|
125
|
+
# login and logout
|
|
126
|
+
login
|
|
127
|
+
get articles_path
|
|
128
|
+
logout
|
|
129
|
+
refute @controller.logged_in?
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
|
|
133
|
+
test 'login' do
|
|
134
|
+
QuoVadis.two_factor_authentication_mandatory false
|
|
135
|
+
|
|
136
|
+
get articles_path
|
|
137
|
+
session_id = session.id
|
|
138
|
+
assert_nil jar.encrypted[QuoVadis.cookie_name]
|
|
139
|
+
|
|
140
|
+
assert_difference 'QuoVadis::Session.count' do
|
|
141
|
+
# We want to test the controller mixin's login method, not the session
|
|
142
|
+
# controller's login action, i.e. the following:
|
|
143
|
+
#
|
|
144
|
+
# @controller.login user
|
|
145
|
+
#
|
|
146
|
+
# But we store the QuoVadis session id in an encrypted cookie, and we can
|
|
147
|
+
# only access cookies as part of a request-response cycle. So we have to
|
|
148
|
+
# trigger the mixin's login method via the session controller's login action.
|
|
149
|
+
login
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
refute_equal session_id, session.id
|
|
153
|
+
qv_session = QuoVadis::Session.last
|
|
154
|
+
assert_equal qv_session.id, jar.encrypted[QuoVadis.cookie_name]
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
|
|
158
|
+
test 'logout' do
|
|
159
|
+
login
|
|
160
|
+
|
|
161
|
+
session_id = session.id
|
|
162
|
+
qv_session_id = jar.encrypted[QuoVadis.cookie_name]
|
|
163
|
+
assert QuoVadis::Session.exists?(qv_session_id)
|
|
164
|
+
|
|
165
|
+
assert_difference 'QuoVadis::Session.count', -1 do
|
|
166
|
+
# We want to test the controller mixin's logout method, not the session
|
|
167
|
+
# controller's logout action, i.e. the following:
|
|
168
|
+
#
|
|
169
|
+
# @controller.logout
|
|
170
|
+
#
|
|
171
|
+
# But we store the QuoVadis session id in an encrypted cookie, and we can
|
|
172
|
+
# only access cookies as part of a request-response cycle. So we have to
|
|
173
|
+
# trigger the mixin's logout method via the session controller's logout action.
|
|
174
|
+
logout
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
refute_equal session_id, session.id
|
|
178
|
+
assert_nil jar.encrypted[QuoVadis.cookie_name]
|
|
179
|
+
refute QuoVadis::Session.exists?(qv_session_id)
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
|
|
183
|
+
test 'qv_logout_other_sessions' do
|
|
184
|
+
desktop = session_login
|
|
185
|
+
phone = session_login
|
|
186
|
+
|
|
187
|
+
desktop.controller.qv.logout_other_sessions
|
|
188
|
+
|
|
189
|
+
phone.get articles_path
|
|
190
|
+
refute phone.controller.logged_in?
|
|
191
|
+
|
|
192
|
+
desktop.get articles_path
|
|
193
|
+
assert desktop.controller.logged_in?
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
|
|
197
|
+
test 'authenticated_model' do
|
|
198
|
+
# not logged in
|
|
199
|
+
get articles_path
|
|
200
|
+
assert_nil @controller.authenticated_model
|
|
201
|
+
|
|
202
|
+
# logged in
|
|
203
|
+
login
|
|
204
|
+
get articles_path
|
|
205
|
+
assert_equal User.first, @controller.authenticated_model
|
|
206
|
+
end
|
|
207
|
+
|
|
208
|
+
|
|
209
|
+
test 'request_confirmation' do
|
|
210
|
+
get articles_path
|
|
211
|
+
|
|
212
|
+
assert_emails 1 do
|
|
213
|
+
controller.request_confirmation User.last
|
|
214
|
+
end
|
|
215
|
+
assert_equal 'A link to confirm your account has been emailed to you.', flash[:notice]
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
|
|
219
|
+
test 'session lifetime exceeded' do
|
|
220
|
+
QuoVadis.session_lifetime 1.week
|
|
221
|
+
login
|
|
222
|
+
|
|
223
|
+
travel 1.week
|
|
224
|
+
travel (-5).minutes
|
|
225
|
+
get articles_path
|
|
226
|
+
assert controller.logged_in?
|
|
227
|
+
|
|
228
|
+
travel 10.minutes
|
|
229
|
+
get articles_path
|
|
230
|
+
refute controller.logged_in?
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
|
|
234
|
+
test 'session lifetime extended to end of day' do
|
|
235
|
+
QuoVadis.session_lifetime 1.week
|
|
236
|
+
QuoVadis.session_lifetime_extend_to_end_of_day true
|
|
237
|
+
login
|
|
238
|
+
|
|
239
|
+
travel 1.week
|
|
240
|
+
travel 10.minutes
|
|
241
|
+
get articles_path
|
|
242
|
+
assert controller.logged_in?
|
|
243
|
+
|
|
244
|
+
travel 1.day
|
|
245
|
+
get articles_path
|
|
246
|
+
refute controller.logged_in?
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
|
|
250
|
+
test 'idle timeout exceeded' do
|
|
251
|
+
QuoVadis.session_lifetime 1.week
|
|
252
|
+
QuoVadis.session_idle_timeout 1.day
|
|
253
|
+
login
|
|
254
|
+
|
|
255
|
+
get articles_path
|
|
256
|
+
assert controller.logged_in?
|
|
257
|
+
|
|
258
|
+
travel 2.days
|
|
259
|
+
|
|
260
|
+
get articles_path
|
|
261
|
+
refute controller.logged_in?
|
|
262
|
+
end
|
|
263
|
+
|
|
264
|
+
|
|
265
|
+
private
|
|
266
|
+
|
|
267
|
+
def login
|
|
268
|
+
post quo_vadis.login_path(email: 'bob@example.com', password: '123456789abc')
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
def logout
|
|
272
|
+
delete quo_vadis.logout_path
|
|
273
|
+
end
|
|
274
|
+
|
|
275
|
+
def session_login
|
|
276
|
+
open_session do |sess|
|
|
277
|
+
sess.post quo_vadis.login_path(email: 'bob@example.com', password: '123456789abc')
|
|
278
|
+
end
|
|
279
|
+
end
|
|
280
|
+
end
|