Class: Panda::Core::Admin::TestSessionsController

Inherits:
ActionController::Base
  • Object
Defined in:
app/controllers/panda/core/admin/test_sessions_controller.rb

Overview

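Test-only controller for setting up authentication in system tests. This bypasses OAuth to avoid cross-process issues with Capybara. Security: this route is only defined in test environments, never in production. The action creates an admin session from nothing more than a user ID, so that routing restriction is the control to verify when reviewing a deployment.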

Usage in tests:

post "/admin/test_sessions", params: { user_id: user.id }
post "/admin/test_sessions", params: { user_id: user.id, return_to: "/some/path" }

Instance Method Summary collapse

Instance Method Details

#create ⇒ Object



# File 'app/controllers/panda/core/admin/test_sessions_controller.rb', line 18

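# Signs a user in for system tests without going through the OAuth flow.
#
# Loads the Panda::Core::User identified by params[:user_id]. An admin user
# gets session[:user_id] and Panda::Core::Current.user set and is redirected
# to params[:return_to] (or the default path); a non-admin user is redirected
# to the admin login page with a flash alert.
#
# Security: this action creates an authenticated admin session from a bare
# user id, with no credential check. It therefore refuses to run outside the
# test environment, independently of how the route is defined.
#
# Responds with:
# - 404 (empty body) outside the test environment
# - 302 to the login page for non-admin users
# - 302 to the return path for admin users
# - 404 when no user has the given id
# - 500 with a short backtrace for any other error
def create
  # Defense in depth: the route is meant to exist only in test environments,
  # but a misconfigured or copied routes file must not be enough to expose an
  # authentication bypass. Checked before any parameter or session access.
  unless Rails.env.test?
    head :not_found
    return
  end

  user = Panda::Core::User.find(params[:user_id])

  # Check if user is admin (mimics real OAuth behavior)
  unless user.admin?
    # Non-admin users are redirected to login with error (mimics real OAuth flow)
    flash[:alert] = "You do not have permission to access the admin area."
    # Keep flash for one more request to survive redirect in tests
    flash.keep(:alert) if Rails.env.test?
    # Use string path since route helpers aren't available in ActionController::Base
    redirect_to "#{Panda::Core.config.admin_path || "/admin"}/login", allow_other_host: false, status: :found
    return
  end

  # Set session (mimics real OAuth callback)
  session[:user_id] = user.id
  Panda::Core::Current.user = user

  # Support custom redirect path for test flexibility.
  # return_to is caller-supplied; allow_other_host: false makes Rails reject a
  # redirect to a different host, and that failure ends up in the generic
  # rescue below as a 500.
  redirect_path = params[:return_to] || determine_default_redirect_path
  redirect_to redirect_path, allow_other_host: false, status: :found
rescue ActiveRecord::RecordNotFound
  # The user id is reflected back to the client. `render html:` escapes
  # strings that are not marked html_safe, so the value is not interpreted as
  # markup.
  render html: "User not found: #{params[:user_id]}", status: :not_found
rescue => e
  # Exception class, message and backtrace frames are sent to the client;
  # acceptable only because the guard above limits this action to tests.
  # NOTE(review): the string is not html_safe, so the <br> separators are
  # presumably escaped as well and shown literally - confirm.
  render html: "Error: #{e.class} - #{e.message}<br>#{e.backtrace.first(5).join("<br>")}", status: :internal_server_error
end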