do not redirect if format is :js

syoder · syoder · commit 683db03f53a2 · 2018-05-14T11:30:08.000-04:00
diff --git a/lib/kracken/controllers/authenticatable.rb b/lib/kracken/controllers/authenticatable.rb
@@ -38,8 +38,11 @@ def authenticate_user
       def authenticate_user!
         check_token_expiry!
         unless user_signed_in?
-          if request.format == :json
+          case request.format
+          when :json
             render json: {error: '401 Unauthorized'}, status: :unauthorized
+          when :js
+            head :unauthorized
           else
             redirect_to_sign_in
           end
diff --git a/spec/kracken/controllers/authenticatable_spec.rb b/spec/kracken/controllers/authenticatable_spec.rb
@@ -43,8 +43,8 @@ class ControllerDouble < BaseControllerDouble
       end
 
       context "when no users are logged in" do
-        it "#authenticate! redirects to root_url" do
-          allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
+        it "#authenticate! redirects to root_url for format html" do
+          allow(controller).to receive(:request).and_return(double(format: :html, fullpath: nil))
           allow(controller).to receive(:redirect_to)
 
           controller.authenticate_user!
@@ -56,6 +56,28 @@ class ControllerDouble < BaseControllerDouble
           expect(controller.user_signed_in?).to be_falsey
         end
 
+        it "#authenticate! doesn't redirect for format json" do
+          allow(controller).to receive(:request).and_return(double(format: :json, fullpath: nil))
+          allow(controller).to receive(:redirect_to)
+          allow(controller).to receive(:render)
+
+          controller.authenticate_user!
+
+          expect(controller).not_to have_received(:redirect_to)
+          expect(controller).to have_received(:render)
+        end
+
+        it "#authenticate! doesn't redirect for format js" do
+          allow(controller).to receive(:request).and_return(double(format: :js, fullpath: nil))
+          allow(controller).to receive(:redirect_to)
+          allow(controller).to receive(:head)
+
+          controller.authenticate_user!
+
+          expect(controller).not_to have_received(:redirect_to)
+          expect(controller).to have_received(:head).with(:unauthorized)
+        end
+
       end
 
       context "when a user is logged in" do
