author | Edmund von der Burg <evdb@mysociety.org> | 2011-04-01 15:20:23 +0100 |
---|---|---|
committer | Edmund von der Burg <evdb@mysociety.org> | 2011-04-01 15:20:23 +0100 |
commit | 48fac6844f4a55c2086e17e9c75819a8ebc8c156 (patch) | |
tree | f496cc2666e4353b89d433744b5c9cb72915076e | |
parent | bd0ceef9ca66e1fc2a2e88d37165fe85eec3fe3e (diff) |
Prevent access to '/my' for users who are not logged in
-rw-r--r-- | perllib/FixMyStreet/App/Controller/My.pm | 9 | ||||
-rw-r--r-- | t/app/controller/my.t | 19 |
2 files changed, 21 insertions, 7 deletions
diff --git a/perllib/FixMyStreet/App/Controller/My.pm b/perllib/FixMyStreet/App/Controller/My.pm
index 4c509ec80..1189fe901 100644
--- a/perllib/FixMyStreet/App/Controller/My.pm
+++ b/perllib/FixMyStreet/App/Controller/My.pm
@@ -20,10 +20,15 @@ Catalyst Controller.

 =cut

-# FIXME - only logged in users should get to here.
-
 sub my : Path : Args(0) {
 my ( $self, $c ) = @_;
+
+ # FIXME - handle not being logged in more elegantly
+ unless ( $c->user ) {
+ $c->res->redirect( $c->uri_for('/auth') );
+ $c->detach;
+ }
+
 }

 __PACKAGE__->meta->make_immutable;
diff --git a/t/app/controller/my.t b/t/app/controller/my.t
index e018a8941..1ed6806a4 100644
--- a/t/app/controller/my.t
+++ b/t/app/controller/my.t
@@ -1,10 +1,19 @@
 use strict;
 use warnings;

-use Test::More;
+use Test::More tests => 11;

-use Catalyst::Test 'FixMyStreet::App';
-use FixMyStreet::App::Controller::My;
+use FixMyStreet::TestMech;
+my $mech = FixMyStreet::TestMech->new;
+
+$mech->get_ok('/my');
+is $mech->uri->path, '/auth', "got sent to the login page";
+
+# login
+my $user = $mech->log_in_ok( 'test@example.com' );
+$mech->get_ok('/my');
+is $mech->uri->path, '/my', "stayed on '/my/' page";
+
+# cleanup
+$mech->delete_user( $user );

-ok( request('/my')->is_success, 'Request should succeed' );
-done_testing();
|
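Review bot: The login check sits inside the `my` action itself, so it protects only the exact path `/my`; any further action added to this controller would have to repeat the check or it would be reachable without a session. Moving the guard into the controller's `auto` action applies it to every action dispatched here, and `$c->user_exists` answers the question without loading the user from the store. The rest of My.pm lies outside the hunk, so whether other actions already exist cannot be seen from here.

```perl
# Runs before every action in this controller; a false return stops dispatch,
# so no action body executes for a visitor without a session.
sub auto : Private {
    my ( $self, $c ) = @_;

    return 1 if $c->user_exists;

    $c->res->redirect( $c->uri_for('/auth') );
    return 0;
}

sub my : Path : Args(0) {
    my ( $self, $c ) = @_;
    # … unchanged: action body, now without the inline login check …
}
```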
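Review bot: The fixed plan `tests => 11` in t/app/controller/my.t depends on how many assertions `log_in_ok` and `delete_user` run internally, which this hunk does not show, so a change inside the test helper would fail this file for an unrelated reason; keeping `use Test::More;` with a closing `done_testing();` avoids that coupling. `$mech->delete_user( $user )` is also reached only if every earlier step completes, so a failure that aborts the script would presumably leave the `test@example.com` account behind for later runs. The access check itself is tested in both directions, but only for the first request of each state; a third `get_ok('/my')` after the session is ended would confirm the redirect returns once the user is no longer logged in.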