Merge pull request #32 from RadiusNetworks/no-redirect-on-format-js

syoder · web-flow · commit 0c8a1568746d · 2018-05-14T13:01:19.000-04:00
do not redirect if format is :js
diff --git a/lib/kracken/controllers/authenticatable.rb b/lib/kracken/controllers/authenticatable.rb
@@ -37,12 +37,13 @@ def authenticate_user
 
       def authenticate_user!
         check_token_expiry!
-        unless user_signed_in?
-          if request.format == :json
-            render json: {error: '401 Unauthorized'}, status: :unauthorized
-          else
-            redirect_to_sign_in
-          end
+        return if user_signed_in?
+        if request.format == :json
+          render json: {error: '401 Unauthorized'}, status: :unauthorized
+        elsif request.format == :js
+          head :unauthorized
+        else
+          redirect_to_sign_in
         end
       end
 
diff --git a/spec/kracken/controllers/authenticatable_spec.rb b/spec/kracken/controllers/authenticatable_spec.rb
@@ -43,8 +43,12 @@ class ControllerDouble < BaseControllerDouble
       end
 
       context "when no users are logged in" do
-        it "#authenticate! redirects to root_url" do
-          allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
+        let(:html) { Mime::Type.lookup("text/html") }
+        let(:json) { Mime::Type.lookup("application/json") }
+        let(:js) { Mime::Type.lookup("application/javascript") }
+
+        it "#authenticate! redirects to root_url for format html" do
+          allow(controller).to receive(:request).and_return(double(format: html, fullpath: nil))
           allow(controller).to receive(:redirect_to)
 
           controller.authenticate_user!
@@ -56,6 +60,28 @@ class ControllerDouble < BaseControllerDouble
           expect(controller.user_signed_in?).to be_falsey
         end
 
+        it "#authenticate! doesn't redirect for format json" do
+          allow(controller).to receive(:request).and_return(double(format: json, fullpath: nil))
+          allow(controller).to receive(:redirect_to)
+          allow(controller).to receive(:render)
+
+          controller.authenticate_user!
+
+          expect(controller).not_to have_received(:redirect_to)
+          expect(controller).to have_received(:render)
+        end
+
+        it "#authenticate! doesn't redirect for format js" do
+          allow(controller).to receive(:request).and_return(double(format: js, fullpath: nil))
+          allow(controller).to receive(:redirect_to)
+          allow(controller).to receive(:head)
+
+          controller.authenticate_user!
+
+          expect(controller).not_to have_received(:redirect_to)
+          expect(controller).to have_received(:head).with(:unauthorized)
+        end
+
       end
 
       context "when a user is logged in" do
