Updates specs, and adds manifest file for CI

lankyfrenchman · lankyfrenchman · commit 8f7e6d7cb523 · 2020-08-10T15:44:19.000-04:00
diff --git a/lib/kracken/controllers/authenticatable.rb b/lib/kracken/controllers/authenticatable.rb
@@ -6,7 +6,7 @@ module Authenticatable
 
       def self.included(base)
         base.instance_exec do
-          before_action :handle_user_cache_cookie!
+          before_action :handle_user_cache_key!
           before_action :authenticate_user!
           helper_method :sign_out_path, :sign_up_path, :sign_in_path,
                         :current_user, :user_signed_in?
@@ -64,13 +64,12 @@ def check_token_expiry!
       #
       # This method will:
       #
-      #  - Check for the `_radius_user_cache_key` tld cookie
-      #  - If the key is "none" log them out
+      #  - Check for the presence of a user cache key in Redis
       #  - Compare it to the `user_cache_key` in the session
       #  - If they don't match, redirect them to the oauth provider and
-      #    delete the cookie
+      #    delete the session
       #
-      def handle_user_cache_cookie!
+      def handle_user_cache_key!
         return unless session_present?
         return if session_and_redis_match?
 
diff --git a/spec/kracken/controllers/authenticatable_spec.rb b/spec/kracken/controllers/authenticatable_spec.rb
@@ -136,47 +136,34 @@ class ControllerDouble < BaseControllerDouble
           expect(controller).to_not have_received(:redirect_to)
         end
 
-        context "user cache cookie" do
-          it "nothing if the cache cookie does not exist" do
-            allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
-            allow(controller).to receive(:redirect_to)
+        context "user cache key" do
+          it "ends session and redirects if stored key does not match session key" do
             controller.session[:user_cache_key] = "123"
+            controller.session[:user_uid] = "123"
 
-            controller.handle_user_cache_cookie!
-
-            expect(controller).to_not have_received(:redirect_to)
-          end
-
-          it "signs the current user out when the cache cookie is 'none'" do
             allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
             allow(controller).to receive(:redirect_to)
-            controller.cookies[:_radius_user_cache_key] = "123"
-            controller.session[:user_cache_key] = "123"
+            allow(Kracken::SessionManager).to receive(:get).and_return("456")
 
-            controller.handle_user_cache_cookie!
+            expect(controller).to receive(:redirect_to).with("/")
+            expect(controller.session).to receive(:delete).with(:user_id)
+            expect(controller.session).to receive(:delete).with(:user_uid)
+            expect(controller.session).to receive(:delete).with(:user_cache_key)
 
-            expect(controller).to_not have_received(:redirect_to)
+            controller.handle_user_cache_key!
           end
 
-          it "redirects when the cache cookie is different than the session" do
-            allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
-            allow(controller).to receive(:cookies).and_return({_radius_user_cache_key: "123"})
-            allow(controller).to receive(:redirect_to)
-            controller.handle_user_cache_cookie!
-
-            expect(controller).to have_received(:redirect_to).with("/")
-          end
+          it "does nothing if session keys match" do
+            controller.session[:user_cache_key] = "123"
+            controller.session[:user_uid] = "123"
 
-          it "does not redirect when the cache cookie matches the session" do
-            controller.session = spy
+            allow(controller).to receive(:request).and_return(double(format: nil, fullpath: nil))
             allow(controller).to receive(:redirect_to)
-            controller.cookies[:_radius_user_cache_key] = "none"
+            allow(Kracken::SessionManager).to receive(:get).and_return("123")
 
-            controller.handle_user_cache_cookie!
+            expect(controller).to_not receive(:redirect_to).with("/")
 
-            expect(controller).to_not have_received(:redirect_to)
-            expect(controller.session).to have_received(:delete).with(:user_id)
-            expect(controller.session).to have_received(:delete).with(:user_cache_key)
+            controller.handle_user_cache_key!
           end
         end
       end
