If you have succeeded in testing post, put, and delete http methods of a Rails API protected with the doorkeeper OAuth2 provider gem, please share and I'll give you the love.
The doorkeeper wiki documentation and sample application show pretty well how to test a get method. I succeeded testing a post with something like what follows using the Capybara test driver with Cucumber. Failed to test any API that routes from put or delete. Failed to post using an rspec test.
#user = create :user
#client = create(:oauth_application)
#token = create(:oauth_token, :application => #client, :resource_owner_id => #user)
json_for_new_entry = {
date_attr: Time.now.to_date,
decimal_attr: '1.1',
string_attr: 'oath2, you make me blue',
bool_attr: false,
int_attr: 1
}.to_json
page.driver.header 'Authorization', "Bearer #{#token.token}"
page.driver.post api_entry_path, json_for_new_entry,
'CONTENT_TYPE' => 'application/json'
The factories are nothing special:
factory :user, :class => User do |user|
sequence :email do |n| "user#{n}#example.com" end
pwd = "password"
password pwd
end
factory :oauth_application, :class => Doorkeeper::Application do
sequence(:name) { |n| "application_name_#{n}" }
#redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
redirect_uri 'http://localhost:3000/'
end
factory :oauth_token, :class => Doorkeeper::AccessToken do
association :application, :factory => :oauth_application
association :resource_owner_id, :factory => :user
end
My environment is a little behind latest versions:
rails gems at 3.1.12
capybara 2.2.0
cucumber 1.3.10
devise 2.2.7
warden 1.2.3
doorkeeper 0.7.4
rspec-core 2.14.5
rspec-expectations 2.14.3
rspec-mocks 2.14.3
rspec-rails 2.14.0
Assuming the intention of your test is to verify the underlying API functionality and not the doorkeeper protection then this is the hack I use:
In my base controller:
module Api
class BaseController < ActionController::Base
doorkeeper_for :all unless Rails.env.test?
private
def current_user
if Rails.env.test? && $test_user
$test_user
else
#current_user ||= User.find(doorkeeper_token.resource_owner_id)
end
end
end
end
In my tests I have a login helper:
def login(user)
$test_user = user
end
def logout
$test_user = nil
end
I'm not proud of that code but nonetheless I can now get on with my life instead of worrying about how to make rails/doorkeeper/capybara et al work together during testing.
You can use the example included in doorkeeper wiki as follow
describe Api::V1::ProfilesController do
describe 'GET #index' do
let(:token) { double :acceptable? => true }
before do
controller.stub(:doorkeeper_token) { token }
# allow(controller).to receive(:doorkeeper_token) {token} # => RSpec 3
end
it 'responds with 200' do
get :index, :format => :json
response.status.should eq(200)
end
end
end
I used the answer that Moustafa gave, but I wanted to DRY it up so I put the following into spec/support/doorkeeper_oauth.rb:
shared_context "doorkeeper_oauth", oauth: true do
let(:dummy_token) { double(:acceptable? => true) }
before do
if controller.present?
allow(controller).to receive(:doorkeeper_token) { dummy_token }
end
end
Then, in your controller spec you change the opening line slightly:
describe Api::V2::WidgetsController, oauth: true do
which pulls in the shared context via the "metadata" method.
edit: I have used this for at least GET and POST, which success in both cases.
Related
I am using Rspec, FactoryGirl and Spork for my tests.There are 2 things I am a litte unclear on, first is the location of my factories.rb file. At present I have it located in
spec/support/factories.rb
And it looks like this
FactoryGirl.define do
factory :user do
email "example#yahoo.com"
password "password"
password_confirmation "password"
confirmed_at Time.now
end
end
Within my spec_helper I have
config.include FactoryGirl::Syntax::Methods
Secondly I want to login a user before starting my tests for a controller , this particular controller has a before filter :authenticate_user!
I am using devise for my authentication so have added
config.include Devise::TestHelpers, :type => :controller
Reading the devise docs you can add a controller_macros.rb and specify methods like so to use
def login_user
before(:each) do
#request.env["devise.mapping"] = Devise.mappings[:user]
user = FactoryGirl.create(:user)
user.confirm! # or set a confirmed_at inside the factory. Only necessary if you are using the confirmable module
sign_in user
end
end
And so i added this also to my spec_helper
config.include ControllerMacros, :type => :controller
So when I add login_user before my controller tests i get undefined method login_user. Am i using two tools here to do the same thing? Do I actually need the devise methods or can it all be done with factoryGirl. If so how do i setup the login process before i can test a controller?
Factories location should be in spec/factories. Check out this example app https://github.com/RailsApps/rails3-devise-rspec-cucumber/tree/master/spec.
For login, generally you seems to doing it right. Check the example app again and here: https://github.com/plataformatec/devise/wiki/How-To:-Controllers-and-Views-tests-with-Rails-3-%28and-rspec%29
For the undefined method login_user error be sure to have
Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
and
config.extend ControllerMacros, :type => :controller
in spec_helper. Devise methods should be available wtih subject:
subject.current_user.should_not be_nil
I try to test one of my REST api controllers which is placed at "controllers/api/v1/bookings_controller.rb". The controller only responds_to json at the moment as you can see here:
class Api::V1::BookingsController < ApplicationController
respond_to :json
before_filter :authenticate_user!
before_filter :get_user
def create
...
end
end
My functional test is located at "test/functional/api/v1/bookings_controller_test.rb" and looks like following:
require 'test_helper'
class Api::V1::BookingsControllerTest < ActionController::TestCase
include Devise::TestHelpers
setup do
#booking = bookings(:one)
#user = users(:one)
sign_in #user
end
test "should return a bad request" do
post :create, :booking => { }, :format => 'json'
assert_response :bad_request
end
end
The post path for creating a booking looks like this (and works, tested with HTTP Client):
api_v1_user_bookings
GET /api/v1/users/:user_id/bookings(.:format) api/v1/bookings#index
POST /api/v1/users/:user_id/bookings(.:format) api/v1/bookings#create
However when I run the test it seems that it uses some default route (see error message below), how can i specify the correct route in my test? Or is there some other mistake I do not see here?
test_should_return_a_bad_request(Api::V1::BookingsControllerTest):
ActionController::RoutingError: No route matches {:booking=>{}, :format=>"js
on", :controller=>"api/v1/bookings", :action=>"create"}
Your route expects a user_id parameter. Add it to your post:
post :create, :user_id => #user.id, :booking => {}, :format => :json
Ok, I think I figured it out now. I just had to add the user-id, otherwise it seems that rails does not select the right route. So the correct test method looks like this:
test "should return a bad request" do
post :create, :user_id => #user.id, :booking => { }, :format => 'json'
assert_response :bad_request
end
i want to rebuild an app which is a typical rails 3.2 mvc app into a API + Frontend (Backbone) only. As I have no experience in building APIs in rails including authenticatin:
What's the best way to authenticate with devise using backbone? Using auth_tokens?
How should I make he API? Just printing out JSON or use a gem like Grape?
thanks in advance!
I can explain you the way i do this :
First, i install a standard rails application with devise. After that, i create my own session controller :
class SessionsController < ApplicationController
def authenticate
# this method logs you in and returns you a single_access_token token for authentication.
#user = User.find_for_authentication(:email => params[:user][:email])
if #user && #user.valid_password?(params[:user][:password])
render :json => {:user => {:email => #user.email, :id => #user.id, :firsname => #user.firstname, :lastname => #user.lastname, :team_id => #user.team_id, :singleAccessToken => #user.generate_access_token}}
else
render :json => {:errors => ["Nom d'utilisateur ou mot de passe invalide"]}, :status => 401
end
end
end
As you can see, i send a request to this url with the json looking like :
{
user => {
email => "myemail#toto.com",
password => "monpass"
}
}
And my controller return me the json with user data if every thing is fine, or an error. On json with user, i return an access_token used on next requests to check that the user is allowed to request. I made this filters in my application controller :
class ApplicationController < ActionController::Base
protect_from_forgery
protected
def user_access_token
request.headers["HTTP_X_USER_ACCESS_TOKEN"] || request.headers["HTTP_USER_ACCESS_TOKEN"]
end
def current_user
if token = user_access_token
#user ||= User.find_by_access_token(token)
end
end
def require_user
unless current_user
render :json => {:error => "Invalid Access Token"}, :status => 401
end
end
def require_owner
unless current_user && current_user == object.user
render :json => {:error => "Unauthorized"}
end
end
end
As you can see, on each next request, i will add the access_token in html header on key : HTTP_USER_ACCESS_TOKEN
So, i can check if the user is allowed to make the request.
To make an API, you can use the Rails API gem as see here :
http://railscasts.com/episodes/348-the-rails-api-gem
Good luck.
My Rails 3.2 app uses OmniAuth and Devise to sign in with Twitter. The authentication system works fine. I would like to write an integration test in rspec to make sure everything works. Using the information in the wiki, I've written the following, but I know I'm missing things.
Under test.rb in config/environments, I have the following lines
OmniAuth.config.test_mode = true
OmniAuth.config.mock_auth[:twitter] = {:provider => 'twitter', :uid => '123545'}
My rspec test looks like this:
describe "Authentications" do
context "without signing into app" do
it "twitter sign in button should lead to twitter authentication page" do
visit root_path
click_link "Sign in with Twitter"
Authentication.last.uid.should == '123545'
end
end
end
Authentication is the name of my model and calling .uid in rails console returns the string fine.
I'm getting the following error when I run this test:
Failure/Error: Authentication.last.uid.should == '123545'
NoMethodError:
undefined method `uid' for nil:NilClass
Can anyone help me figure out how to use the OmniAuth mocks that are provided? An explanation for why and how it works would be appreciated as well.
I run into something similar.
After changing my mock object from using symbol keys:
OmniAuth.config.mock_auth[:twitter] = {
:uid => '1337',
:provider => 'twitter',
:info => {
:name => 'JonnieHallman'
}
}
to using string keys:
OmniAuth.config.mock_auth[:twitter] = {
'uid' => '1337',
'provider' => 'twitter',
'info' => {
'name' => 'JonnieHallman'
}
}
it worked.
And do you have
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
somewhere in your testcase?
Did you try moving these two lines to spec_helper.rb?
OmniAuth.config.test_mode = true
OmniAuth.config.mock_auth[:twitter] = {:provider => 'twitter', :uid => '123545'}
Also add the following before block in your test file:
before do
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
end
You can find more info on this link: https://github.com/intridea/omniauth/wiki/Integration-Testing
I highly suggest this answer
In short...
Set up the mock
Make the request
Test whatever code is attached to the callback
For example: test the session['uid'] was set (although, I opt to test only what the user sees, or, rather, does not see)
My code...
config/environments/test.rb
Rails.application.configure do
...
OmniAuth.config.test_mode = true
OmniAuth.config.mock_auth[:linkedin] = {
'provider' => 'linkedin',
'uid' => '123545',
'info'=>
{ 'email'=>'infinite#jest.com',
'first_name'=>'Dave',
'last_name'=>'Wallace' }
}
end
spec/features/sign_in_feature_spec.rb
require 'rails_helper'
feature 'Sign in with LinkedIn' do
before do
OmniAuth.config.add_mock(:linkedin, {:uid => '12345'})
end
let(:user) { create(:user) }
scenario 'with valid email and password' do
visit '/'
expect(page).to have_no_content 'Sign Out'
click_link 'nav-sign-in' # image/button: Sign in with LinkedIn
expect(page).to have_content 'Sign Out'
end
end
Let me know if/how I may improve this solution (and my code!)
Selected solution does not work for me.
My solution i get from https://gist.github.com/kinopyo/1338738
and official doc https://github.com/intridea/omniauth/wiki/Integration-Testing
here:
# in spec/support/omniauth_macros.rb
module OmniauthMacros
def mock_auth_hash
# The mock_auth configuration allows you to set per-provider (or default)
# authentication hashes to return during integration testing.
OmniAuth.config.mock_auth[:odnoklassniki] = OmniAuth::AuthHash.new({
:provider => 'odnoklassniki',
:uid => '123545',
:info => OmniAuth::AuthHash::InfoHash.new({
:name => 'mockuser'
})
})
end
end
# in spec/spec_helper.rb
RSpec.configure do |config|
# email spec
config.include(EmailSpec::Helpers)
config.include(EmailSpec::Matchers)
end
OmniAuth.config.test_mode = true
# in spec example:
visit new_user_registration_path
mock_auth_hash
find('#btn-odnoklassniki').click # here is link generated as omniauth_authorize_path(resource_name, provider)
I have an application that will have an API, with a /api/v1/ namespace:
namespace :api do
namespace :v1 do
resources :gateways do
resources :mappings do
# maybe more stuff
end
end
end
end
my application uses devise and cancan.
My mappings controller down in app/controllers/api/v1/mappings_controller.rb works correctly from rspec test cases if I leave out :format=>:yaml (asking for HTML, and getting a 406).
If I ask for :yaml, devise seems to think that my test user is not allowed.
My test case is stupid simple:
describe "Agent access to mappings" do
it "gets a list of mappings that includes test_user mapping" do
#test_agent = users(:firewallagent)
sign_in(#test_agent)
get :show, {:gateway_id => 1, :id => 2} #, :format => :yaml
assert_response 200
end
end
I can't see anything in devise/warden which would be format specific, but maybe I've missed it.
The fault was that :format=>:yaml needs to go into the first hash, rather than into the second hash for get. So:
get :show, {:gateway_id => 1, :id => 2, :format => :yaml}