Ask to login when not authenticated for order page
Redirect the user to the login page, instead of responding with HTTP 401.
@@ -5,6 +5,7 @@ Spree::OrdersController.class_eval do
|
||||
before_filter :filter_order_params, only: :update
|
||||
before_filter :enable_embedded_shopfront
|
||||
|
||||
prepend_before_filter :require_order_authentication, only: :show
|
||||
prepend_before_filter :require_order_cycle, only: :edit
|
||||
prepend_before_filter :require_distributor_chosen, only: :edit
|
||||
before_filter :check_hub_ready_for_checkout, only: :edit
|
||||
@@ -128,6 +129,13 @@ Spree::OrdersController.class_eval do
|
||||
|
||||
private
|
||||
|
||||
def require_order_authentication
|
||||
return if session[:access_token] || params[:token] || spree_current_user
|
||||
|
||||
flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
|
||||
redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
|
||||
end
|
||||
|
||||
def order_to_update
|
||||
return @order_to_update if defined? @order_to_update
|
||||
return @order_to_update = current_order unless params[:id]
|
||||
|
||||
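Review bot: `require_order_authentication` returns early whenever `params[:token]` or `session[:access_token]` is merely present, so it only decides whether to show the login prompt and authenticates nothing itself; a request carrying any `token` value skips the redirect. That is safe only if the `show` action still verifies the token against the order, which is not visible in this hunk, so I would state it on the method, e.g. `# Only decides whether to prompt for login; the token is still checked when the order is authorized in #show.` The `after_login` target built from `request.env['PATH_INFO']` travels in the URL fragment and is presumably read by client-side login code, which should accept only same-site relative paths. `order_to_update` below continues outside the hunk.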
@@ -2699,6 +2699,8 @@ See the %{link} to find out more about %{sitename}'s features and to start using
|
||||
inventory: Inventory
|
||||
zipcode: Postcode
|
||||
orders:
|
||||
edit:
|
||||
login_to_view_order: "Please log in to view your order."
|
||||
bought:
|
||||
item: "Already ordered in this order cycle"
|
||||
shipment_states:
|
||||
|
||||
@@ -63,9 +63,14 @@ describe Spree::OrdersController, type: :controller do
|
||||
context "when neither checked out as an anonymous guest nor logged in" do
|
||||
let(:current_user) { nil }
|
||||
|
||||
before do
|
||||
request.env["PATH_INFO"] = spree.order_path(order)
|
||||
end
|
||||
|
||||
it "redirects to unauthorized" do
|
||||
spree_get :show, id: order.number
|
||||
expect(response.status).to eq(401)
|
||||
expect(response).to redirect_to(root_path(anchor: "login?after_login=#{spree.order_path(order)}"))
|
||||
expect(flash[:error]).to eq("Please log in to view your order.")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
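Review bot: The example is still titled `it "redirects to unauthorized" do` although it now asserts a redirect to the login anchor and a flash message; `it "redirects to the login page" do` would match what is checked. The `expect(response.status).to eq(401)` line appears to be the pre-change assertion, since the +/- markers are lost in this rendering. Because the new filter lets any request with a `token` parameter past the login redirect, an example that requests `show` with a token not belonging to the order and asserts the order is not rendered would pin the authorization the filter relies on; one may already exist outside the hunk.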
@@ -69,9 +69,14 @@ feature "Order Management", js: true do
|
||||
context "when not logged in" do
|
||||
let(:user) { create(:user) }
|
||||
|
||||
it "does not allow the user to see order details" do
|
||||
it "allows the user to see order details after login" do
|
||||
# Cannot load the page without signing in
|
||||
visit spree.order_path(order)
|
||||
expect(page).to_not be_confirmed_order_page
|
||||
|
||||
# Can load the page after signing in
|
||||
fill_in_and_submit_login_form user
|
||||
expect(page).to be_confirmed_order_page
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
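Review bot: `expect(page).to_not be_confirmed_order_page` passes on any page that is not the order confirmation, including an error page, so it does not pin the new redirect-and-prompt behaviour. Also asserting the prompt, e.g. `expect(page).to have_content "Please log in to view your order."`, would do so, assuming the flash is rendered on the landing page. How `order` relates to `user` is set up outside the hunk; if the order belongs to that user, a second example in which a different user logs in and is still refused would cover the case that the login step alone does not.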
@@ -54,9 +54,13 @@ module AuthenticationWorkflow
|
||||
user.spree_roles << user_role
|
||||
|
||||
visit spree.login_path
|
||||
fill_in 'email', :with => 'someone@ofn.org'
|
||||
fill_in 'password', :with => 'passw0rd'
|
||||
click_button 'Login'
|
||||
fill_in_and_submit_login_form user
|
||||
end
|
||||
|
||||
def fill_in_and_submit_login_form(user)
|
||||
fill_in "email", with: user.email
|
||||
fill_in "password", with: user.password
|
||||
click_button "Login"
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
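Review bot: `fill_in_and_submit_login_form` reads `user.password`, which is only available on an object that still carries the plain-text attribute from creation; a user reloaded or fetched from the database would presumably yield nil there, and the login would fail without an obvious reason. A short comment on the helper would document that, e.g. `# Expects a freshly created user whose plain-text password attribute is still set.` The method that now calls the helper starts outside the hunk.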