Bugfix: support token-based access for RSS feed of upvoted stories.

2020-06-19 18:13:27 -04:00 · 2020-06-19 18:13:27 -04:00 · 3cdae3fae5
parent 3f41dc300b
commit 3cdae3fae5
2 changed files with 20 additions and 1 deletions
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@ -4,7 +4,7 @@ class HomeController < ApplicationController
  caches_page :about, :chat, :index, :newest, :newest_by_user, :recent, :top, if: CACHE_PAGE

  # for rss feeds, load the user's tag filters if a token is passed
-  before_action :find_user_from_rss_token, :only => [:index, :newest, :saved]
+  before_action :find_user_from_rss_token, :only => [:index, :newest, :saved, :upvoted]
  before_action { @page = page }
  before_action :require_logged_in_user, :only => [:upvoted]

--- a/spec/controllers/home_controller_spec.rb
+++ b/spec/controllers/home_controller_spec.rb
@ -14,4 +14,23 @@ describe HomeController do
      expect(@controller.view_assigns['stories']).to include(story)
    end
  end
+
+  describe "#upvoted" do
+    it "redirects to the login page" do
+      get :upvoted
+      expect(response).to be_redirect
+    end
+
+    context "when accessing RSS feeds" do
+      it "supports session-based access" do
+        get :upvoted, as: :rss, session: { u: user.session_token }
+        expect(response).to be_successful
+      end
+
+      it "supports token-based access" do
+        get :upvoted, as: :rss, params: { token: user.rss_token }
+        expect(response).to be_successful
+      end
+    end
+  end
 end