Merge remote-tracking branch 'origin/main' into bugfix/480-fix-minor-bugs
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
commit
3cc35d0293
GPG key ID:
40E7A58C4AA1EDB2
5 changed files with 56 additions and 32 deletions
|
|
@ -40,12 +40,41 @@ defmodule MvWeb.AuthControllerTest do
|
|||
assert html =~ "mila.svg" or html =~ "Mila Logo"
|
||||
end
|
||||
|
||||
test "GET /sign-out redirects to home", %{conn: authenticated_conn} do
|
||||
test "GET /sign-out shows confirmation; submitting sign-out redirects to home", %{
|
||||
conn: authenticated_conn
|
||||
} do
|
||||
conn = conn_with_oidc_user(authenticated_conn)
|
||||
|
||||
conn = get(conn, ~p"/sign-out")
|
||||
html = html_response(conn, 200)
|
||||
|
||||
# AshAuthentication.Phoenix: GET renders SignOutLive (logout CSRF protection), not an immediate redirect.
|
||||
assert html =~ "Sign out"
|
||||
|
||||
csrf_token = csrf_token_from_sign_out_form(html)
|
||||
|
||||
conn =
|
||||
post(conn, ~p"/sign-out", %{
|
||||
"_method" => "delete",
|
||||
"_csrf_token" => csrf_token
|
||||
})
|
||||
|
||||
assert redirected_to(conn) == ~p"/"
|
||||
end
|
||||
|
||||
defp csrf_token_from_sign_out_form(html) when is_binary(html) do
|
||||
case Regex.run(~r/name="_csrf_token"[^>]*value="([^"]+)"/, html) do
|
||||
[_, token] ->
|
||||
token
|
||||
|
||||
_ ->
|
||||
case Regex.run(~r/value="([^"]+)"[^>]*name="_csrf_token"/, html) do
|
||||
[_, token] -> token
|
||||
_ -> flunk("expected sign-out page HTML to include a _csrf_token hidden field")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Password authentication (LiveView)
|
||||
test "password user can sign in with valid credentials via LiveView", %{
|
||||
conn: authenticated_conn
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue