RoR: testing an action that uses http token authentication

ruby-on-rails testing rspec2
JoseMarmolejos picture JoseMarmolejos · Aug 20, 2012 · Viewed 8k times · Source

I'm trying to test a controller that's using an http token authentication in the before filter. My problem is that it works ok wheh I use curl to pass the token, but in my tests it always fails (I'm using rspec btw). Tried a simple test to see if the token was being passed at all, but it seems like it's not doing so. Am I missing anything to get the test to actually pass the token to the controller?

Here's my before filter:

    def restrict_access
      authenticate_or_request_with_http_token do |token, options|
        api_key = ApiKey.find_by_access_token(token)
        @user = api_key.user unless api_key.nil?
        @token = token #set just for the sake of testing
        !api_key.nil?
      end 
    end

And here is my test:

    it "passes the token" do
      get :new, nil,
        :authorization => ActionController::HttpAuthentication::Token.encode_credentials("test_access1")

      assigns(:token).should be "test_access1"
    end

Answer

Serge Balyuk picture Serge Balyuk · Aug 20, 2012

I'm assuming ApiKey is an ActiveRecord model, correct? curl command runs against development database, and tests go against test db. I can't see anything that sets up ApiKey in your snippets. Unless you have it somewhere else, try adding something along these lines:

it "passes the token" do
  # use factory or just create record with AR:
  ApiKey.create!(:access_token => 'test_access1', ... rest of required attributes ...)

  # this part remains unchanged
  get :new, nil,
    :authorization => ActionController::HttpAuthentication::Token.encode_credentials("test_access1")

  assigns(:token).should be "test_access1"
end

You can later move it to before :each block or support module.

UPDATE:

After seeing your comment I had to look deeper. Here's another guess. This form of get

get '/path', nil, :authorization => 'string'

should work only in integration tests. And for controller tests auth preparation should look like this:

it "passes the token" do
  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials("test_access1")
  get :new
  assigns(:token).should be "test_access1"
end

Reasons behind this come from method signatures for respective test modules:

# for action_controller/test_case.rb
def get(action, parameters = nil, session = nil, flash = nil)

# for action_dispatch/testing/integration.rb
def get(path, parameters = nil, headers = nil)

Related questions

How to run Rails console in the test environment and load test_helper.rb?

The background: I'm having some problems with Thoughtbot's "Factory Girl" gem, with is used to create objects to use in unit and other tests. I'd like to go to the console and run different Factory Girl calls to check out …

Read More
How to check a checkbox in capybara?

I'm using Rspec and Capybara. How can I write a step to check a checkbox? I've tried check by value but it can't find my checkbox. I'm not sure what to do, as I have in fact same ID with …

Read More
How to set request headers in rspec request spec?

In the controller spec, I can set http accept header like this: request.accept = "application/json" but in the request spec, "request" object is nil. So how can I do it here? The reason I want to set http accept …

Read More