If maintenance_token is nil, you can't pass an empty token to get in.

2018-07-19 12:59:29 -05:00 · 2018-07-19 12:59:29 -05:00 · 1ad29e7436
commit 1ad29e7436
parent 3ed6b06b21
2 changed files with 19 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
 	def redirect_to_maintenance
 		if (Settings&.maintenance&.maintenance_mode && !current_user)
 			unless (self.class == Users::SessionsController &&
-							(params[:maintenance_token] == Settings.maintenance.maintenance_token || params[:format] == 'json'))
+							((Settings.maintenance.maintenance_token && params[:maintenance_token] == Settings.maintenance.maintenance_token) || params[:format] == 'json'))
 				redirect_to Settings.maintenance.maintenance_page
 			end
 		end
--- a/spec/requests/maintenance_spec.rb
+++ b/spec/requests/maintenance_spec.rb
@ -90,6 +90,24 @@ describe 'Maintenance Mode' do
      end
    end

+    describe 'in maintenance without maintenance_token set' do
+      before(:each) do
+        @request.env["devise.mapping"] = Devise.mappings[:user]
+      end
+      before(:each) do
+        Settings.merge!({maintenance:
+                             {maintenance_mode: true,
+                              maintenance_token: nil,
+                              maintenance_page: page}})
+      end
+
+      it 'redirects sign_in if the token is nil' do
+        get(:new)
+        expect(response.code).to eq "302"
+        expect(response.location).to eq page
+      end
+    end
+
  end

  # it 'redirect to general user' do