Confirm User#login_activities in auth/sessions spec (#35372)

2025-07-15 02:31:00 -04:00
parent 1637297085
commit 30344d6abf
6 changed files with 36 additions and 21 deletions
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -151,12 +151,11 @@ class Auth::SessionsController < Devise::SessionsController
    sign_in(user)
    flash.delete(:notice)

-    LoginActivity.create(
-      user: user,
-      success: true,
-      authentication_method: security_measure,
-      ip: request.remote_ip,
-      user_agent: request.user_agent
+    user.login_activities.create(
+      request_details.merge(
+        authentication_method: security_measure,
+        success: true
+      )
    )

    UserMailer.suspicious_sign_in(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! if @login_is_suspicious
@@ -167,13 +166,12 @@ class Auth::SessionsController < Devise::SessionsController
  end

  def on_authentication_failure(user, security_measure, failure_reason)
-    LoginActivity.create(
-      user: user,
-      success: false,
-      authentication_method: security_measure,
-      failure_reason: failure_reason,
-      ip: request.remote_ip,
-      user_agent: request.user_agent
+    user.login_activities.create(
+      request_details.merge(
+        authentication_method: security_measure,
+        failure_reason: failure_reason,
+        success: false
+      )
    )

    # Only send a notification email every hour at most
@@ -182,6 +180,13 @@ class Auth::SessionsController < Devise::SessionsController
    UserMailer.failed_2fa(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later!
  end

+  def request_details
+    {
+      ip: request.remote_ip,
+      user_agent: request.user_agent,
+    }
+  end
+
  def second_factor_attempts_key(user)
    "2fa_auth_attempts:#{user.id}:#{Time.now.utc.hour}"
  end