Log out when client cookie set to non existing customer (hotfix)

In normal circumstances this should not happen, but here we reset production data. Which may cause some people left with a cookie set.
RailsEventStore · Jan 7, 2024 · 6906ed5 · 6906ed5
1 parent e240d37
commit 6906ed5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/rails_application/app/controllers/client/orders_controller.rb b/rails_application/app/controllers/client/orders_controller.rb
@@ -4,6 +4,10 @@ class OrdersController < ApplicationController
     layout 'client_panel'
 
     def index
+      if ClientOrders::Client.find_by(uid: cookies[:client_id]).nil?
+        redirect_to logout_path
+        return
+      end
       render html: ClientOrders::OrdersList.build(view_context, cookies[:client_id]), layout: true
     end
 

diff --git a/rails_application/test/integration/login_test.rb b/rails_application/test/integration/login_test.rb
@@ -32,6 +32,17 @@ def test_login_with_incorrect_password
     refute cookies["client_id"].present?
   end
 
+  def test_cookies_set_to_not_existing_customer_should_log_out_and_redirect_to_login
+    cookies["client_id"] = "not-existing-customer"
+
+    get "/client_orders"
+    follow_redirect!
+    follow_redirect!
+
+    refute cookies["client_id"].present?
+    assert_equal "/clients", response.original_url
+  end
+
   private
 
   def set_password(customer_id, password)