From 6906ed5b682c8ae39f94320f07eb9913f7339191 Mon Sep 17 00:00:00 2001
From: Andrzej Krzywda
Date: Sun, 7 Jan 2024 16:53:23 +0100
Subject: [PATCH] Log out when client cookie set to non existing customer (hotfix)

In normal circumstances this should not happen, but here we reset production data. Which may cause some people left with a cookie set.
---
 .../app/controllers/client/orders_controller.rb | 4 ++++
 rails_application/test/integration/login_test.rb | 11 +++++++++++
 2 files changed, 15 insertions(+)

diff --git a/rails_application/app/controllers/client/orders_controller.rb b/rails_application/app/controllers/client/orders_controller.rb
index d52fd97ff..2c13bea7e 100644
--- a/rails_application/app/controllers/client/orders_controller.rb
+++ b/rails_application/app/controllers/client/orders_controller.rb
@@ -4,6 +4,10 @@ class OrdersController < ApplicationController
 layout 'client_panel'

 def index
+ if ClientOrders::Client.find_by(uid: cookies[:client_id]).nil?
+ redirect_to logout_path
+ return
+ end
 render html: ClientOrders::OrdersList.build(view_context, cookies[:client_id]), layout: true
 end

diff --git a/rails_application/test/integration/login_test.rb b/rails_application/test/integration/login_test.rb
index 531de6b36..96005ae00 100644
--- a/rails_application/test/integration/login_test.rb
+++ b/rails_application/test/integration/login_test.rb
@@ -32,6 +32,17 @@ def test_login_with_incorrect_password
 refute cookies["client_id"].present?
 end

+ def test_cookies_set_to_not_existing_customer_should_log_out_and_redirect_to_login
+ cookies["client_id"] = "not-existing-customer"
+
+ get "/client_orders"
+ follow_redirect!
+ follow_redirect!
+
+ refute cookies["client_id"].present?
+ assert_equal "/clients", response.original_url
+ end
+
 private

 def set_password(customer_id, password)
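Review bot: The new guard in `index` only proves that a client row exists for `cookies[:client_id]`; it does not establish that the browser was ever issued that value, since a plain cookie is whatever the client sends (the added test sets it by hand). If the login code outside this hunk writes the cookie unsigned, reading and writing it through `cookies.signed[:client_id]` or the session would make a tampered or stale value fail verification before it reaches the lookup. The check also covers only this one action; other actions of the controller, not visible here, would presumably still render for a stale cookie, so a controller-level `before_action { redirect_to logout_path if ClientOrders::Client.find_by(uid: cookies[:client_id]).nil? }` may be the better home for it.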
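Review bot: Neither `follow_redirect!` in the new test is preceded by an assertion on where the response points, so the test passes for any two-hop chain that ends on `/clients` with the cookie cleared. Adding `assert_redirected_to logout_path` right after `get "/client_orders"` would pin that the stale cookie is handled by the logout route rather than by some other redirect. A sibling case with no `client_id` cookie at all would document that the same guard also covers an anonymous request. The test class starts and ends outside the hunk.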