add cucumber scenarii for the cross domain authentication feature

app/controllers/admin/cross_domain_sessions_controller.rb

@@ -12,10 +12,12 @@ module Admin
     before_filter :authenticate_admin!, :only => :new
 
     def new
-      site = current_admin.sites.detect { |s| s._id.to_s == params[:id] }
-      @target = site.domains_without_subdomain.first || site.domains_with_subdomain.first
-
-      current_admin.reset_switch_site_token!
+      if site = current_admin.sites.detect { |s| s._id.to_s == params[:target_id] }
+        @target = site.domains_without_subdomain.first || site.domains_with_subdomain.first
+        current_admin.reset_switch_site_token!
+      else
+        redirect_to admin_pages_path
+      end
     end
 
     def create

app/views/admin/shared/_header.html.haml

@@ -1,6 +1,8 @@
 %h1
   - if current_admin.sites.size > 1
-    = select_tag 'site', options_for_select(current_admin.sites.collect { |site| [site.name, new_admin_cross_domain_session_path(:id => site.id)] }, new_admin_cross_domain_session_path(:id => current_site.id)), :id => 'site-selector'
+    = form_tag new_admin_cross_domain_session_url, :method => 'get' do
+      = select_tag 'target_id', options_for_select(current_admin.sites.collect { |site| [site.name, site.id] }, current_site.id), :id => 'site-selector'
+      = submit_tag 'Switch', :style => 'display: none'
   - else
     = link_to current_site.name, admin_root_url, :class => 'single'
 

features/admin/cross_domain_authentication.feature

@@ -0,0 +1,24 @@
+@site_up
+@another_site_up
+@authenticated
+Feature:
+  In order to manage a new site I created
+  As an administrator signed in another site of mine
+  I want to bypass the authentication
+
+Scenario: Successful authentication
+  When I go to pages
+  Then I should see "Locomotive test website"
+  When I select "Locomotive test website #2" from "target_id"
+  And I press "Switch"
+  Then I should see "Cross-domain authentication"
+  When I press "Go"
+  Then I should see "Locomotive test website #2"
+
+Scenario: Failed authentication because of an outdated token
+  When I go to pages
+  And I select "Locomotive test website #2" from "target_id"
+  And I press "Switch"
+  And I forget to press the button on the cross-domain notice page
+  And I press "Go"
+  Then I should see "You need to sign in"

features/step_definitions/admin_steps.rb

@@ -3,6 +3,10 @@ Before('@site_up') do
   create_layout_samples
 end
 
+Before('@another_site_up') do
+  add_new_site
+end
+
 Before('@authenticated') do
   Given %{I am an authenticated user}
 end
@@ -38,7 +42,14 @@ Then /^I should have "(.*)" in the (.*) page (.*)$/ do |content, page_slug, slug
   part.value.should == content
 end
 
-## Common
+### Cross-domain authentication
+
+When /^I forget to press the button on the cross-domain notice page$/ do
+  @admin.updated_at = 2.minutes.ago
+  Mongoid::Persistence::Update.new(@admin).send(:update)
+end
+
+### Common
 
 def create_site_and_admin_account
   @site = Factory(:site, :name => 'Locomotive test website', :subdomain => 'test')
@@ -47,6 +58,12 @@ def create_site_and_admin_account
   @site.save
 end
 
+def add_new_site
+  @another_site = Factory.build(:site, :name => 'Locomotive test website #2', :subdomain => 'test2')
+  @another_site.memberships.build :account => @admin, :admin => true
+  @another_site.save
+end
+
 def create_layout_samples
   Factory(:layout, :site => @site, :name => 'One column', :value => %{<html>
     <head>

public/javascripts/admin/application.js

@@ -121,7 +121,7 @@ $(document).ready(function() {
 
   // site selector
   $('#site-selector').selectmenu({ style: 'dropdown', width: 300, offsetTop: 8, change: function(event, ui) {
-    window.location.href = ui.value;
+    $('#site-selector').parent().submit();
   } });
 
 });