I want to mock custom devise strategies to authenticate user in my feature specs. To stub request to 3th party app I'm using WebMock with the implementation below:
spec/utility/stub_methods.rb
def stub_aware_auth(creds, returns_token, _valid)
stub_request(:post, "http://example.com/oauth/token").
with(body: {"grant_type" => "password", "password" => creds.password, "username" => creds.email},
headers: {'Accept' => '*/*', 'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type' => 'application/x-www-form-urlencoded'}).
to_return(status: 200, body: {'access_token' => returns_token, 'token_type' => 'bearer', 'expires_in' => 1200}.to_json, headers: {})
end
Which is called in the spec by:
context 'AWARxE authenticated user' do
before do
stub_aware_auth(creds, return_token, valid)
end
let(:creds) do
OpenStruct.new(email: 'physiciansreallyshouldonlyautoauth#example.com', password: "Ican'tb3li3v3itsn0tbutt3r")
end
let(:return_token) { SecureRandom.hex(32) }
let(:valid) { true }
# other logic (...)
end
spec_helper.rb
WebMock.disable_net_connect!(allow_localhost: true)
Which works quite surprisingly wired because if in one test example it has to use stub_aware_auth twice, the first request returns the defined result but the second throws an error:
WebMock::NetConnectNotAllowedError: Real HTTP connections are disabled. Unregistered request: POST http://example.com/oauth/token with body 'grant_type=password&password=Ican%27tb3li3v3itsn0tbutt3r&username=PHYSICIANSREALLYSHOULDONLYAUTOAUTH%40EXAMPLE.COM' with headers {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'application/x-www-form-urlencoded', 'User-Agent'=>'Faraday v0.12.1'}
You can stub this request with the following snippet:
stub_request(:post, "http://example.com/oauth/token").
with(body: {"grant_type"=>"password", "password"=>"Ican'tb3li3v3itsn0tbutt3r", "username"=>"PHYSICIANSREALLYSHOULDONLYAUTOAUTH#EXAMPLE.COM"},
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'application/x-www-form-urlencoded', 'User-Agent'=>'Faraday v0.12.1'}).
to_return(status: 200, body: "", headers: {})
registered request stubs:
stub_request(:get, "http://example.com/api/v1/user").
with(headers: {'Authorization'=>'Bearer dc2dcf4c5b47ffcfea28c26490ed2a0e2580f152dfb18dbfc97670028d24ecaa'})
stub_request(:post, "http://example.com/oauth/token").
with(body: {"grant_type"=>"password", "password"=>"Ican'tb3li3v3itsn0tbutt3r", "username"=>"physiciansreallyshouldonlyautoauth#example.com"},
headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'application/x-www-form-urlencoded'})
Which is surprised because WebMock.disable_net_connect!(allow_localhost: true) is defined in spec_helper.
[EDIT]
Full failed example if it helps:
spec/features/login_strategies_spec.rb
context 'AWARxE authenticated user' do
before do
stub_aware_auth(creds, return_token, valid)
end
let(:return_token) { SecureRandom.hex(32) }
let(:valid) { true }
context 'physician' do
let(:creds) do
OpenStruct.new(email: 'physiciansreallyshouldonlyautoauth#example.com', password: "Ican'tb3li3v3itsn0tbutt3r")
end
let(:user) { build(:physician) }
before do
stub_aware_user_info(user, 'Physician (MD, DO)', return_token, valid, 1)
end
# some other it block (...)
context 'case insensitive' do
let(:valid) { true }
let(:uppercase_email_creds) {
OpenStruct.new(email: creds.email.upcase, password: creds.password)
}
scenario 'logging in with upper case email' do
expect { subject }.to change(Login, :count)
logout
expect {
login(uppercase_email_creds)
}.to_not change(Login, :count)
expect(page).to have_current_path(name_search_registrants_url, url: true)
end
end
end
The stub you are creating is still on the original creds with the lowercase email. There is no possibility for webmock to mock the call unless you actually call something like
stub_aware_auth(uppercase_email_creds, return_token, valid)
If you actualy expect the app to call out with lowercase email in body, then the test fails because it should fail, it is calling out with the email in uppercase:
You can stub this request with the following snippet:
stub_request(:post, "http://example.com/oauth/token").
with(body: {..., "username"=>"PHYSICIANSREALLYSHOULDONLYAUTOAUTH#EXAMPLE.COM"},
...).
to_return(status: 200, body: "", headers: {})
Related
I would like test my service with rspec but i got a error in my return body undefined method 'each' for "invoices":String because in my original method i parse an array in the response
I would like know how can i test this method and send a array in return body
My method in service:
def generate_invoices
invoices_ids = []
response = HTTParty.get('https://books.zoho.com/api/v3/invoices?organization_id='\
"#{ENV['ZOHO_ORGANISATION_ID']}&cf_lc_contract_id_startswith=#{#contract_id}&"\
'cf_facture_final=true', headers: { 'Authorization' => "Zoho-oauthtoken #{#access_token}" })
response.code == 200 ? response : raise_error(response.body)
response['invoices'].each do |invoice|
invoices_ids.push invoice['invoice_id']
end
invoices_ids.join(',')
end
stub request i tried:
stub_request(:get, 'https://books.zoho.com/api/v3/invoices?cf_facture_final=true'\
"&cf_lc_contract_id_startswith=123&organization_id=#{ENV['ZOHO_ORGANISATION_ID']}")
.with(headers: { 'Authorization' => 'Zoho-oauthtoken access_token' })
.to_return(status: 200, body: { 'invoices' => [{ "invoice_id": '123' }] }.to_json,
headers: {})
Try this at the end of your call:
.to_return(status: 200, body: '{"invoices" => [{ "invoice_id": "123"}]}', headers: {})
I am trying to figure out why I can't use use both params and headers in an request spec.
What works:
RSpec.describe Api::V1::UsersController, :type => :request do
before { host! 'api.localhost:3000'}
let(:params) {
{
"user": {
"identifier_for_vendor": "BD43813E"
}
}
}
describe 'Post /users' do
context 'when request is valid' do
before {
post api_users_path,
params: params
}
it "is successful" do
expect(response).to be_successful
end
end
end
end
What does not:
RSpec.describe Api::V1::UsersController, :type => :request do
let(:params) {
{
"user": {
"identifier_for_vendor": "BD43813E"
}
}
}
let(:headers) {
{
"host": "api.localhost:3000",
"Accept": "application/vnd.domain_name.v1",
"Content-Type": "application/vnd.api+json",
"X-API-Key": "fake087uakey"
}
}
describe 'Post /users' do
context 'when request is valid' do
before {
post api_users_path,
params: params,
headers: headers
}
it "successful" do
expect(response).to be_successful
end
end
end
end
The above fails, returning the error:
1) Api::V1::UsersController Post /users when request is valid is successful
Failure/Error: params.require(:user).permit(:identifier_for_vendor)
ActionController::ParameterMissing:
param is missing or the value is empty: user
The headers are needed due to having to ensure that valid api-keys are included in the request.
Would appreciate feedback on what I am missing. Thank you
Versions:
Ruby version: 2.6.3
Rails version: 6.0.3.4
RSpec 3.10
So issue had to do with how params and headers objects are created.
Params:
I passed in:
{"user": {"identifier_for_vendor": "OFJPJ"} }
the correct object is:
{:params=>{:user=>{:identifier_for_vendor=>"OFJPJ"}}}
Headers:
I passed in:
{
"host": "api.localhost:3000",
"Accept": "application/vnd.domain_name.v1",
"Content-Type": "application/vnd.api+json",
"X-API-Key": "fake087uakey"
}
the correct object is:
{
"headers" => {
"host" => "api.localhost:3000",
"Accept" => "application/vnd.domain_name.v1",
"X-API-Key" => "api_key"
}
}
Final solution looks like this:
RSpec.describe Api::V1::UsersController, :type => :request do
describe 'Post /users' do
context 'when request is valid' do
before do
post api_users_path,
:params => params,
:headers => headers
end
it "is successful" do
expect(response).to be_successful
end
it "returns a data of type user" do
expect(json_data["type"]).to eq("user")
end
end
end
end
The key to figuring this out was reading the documentation and realizing the my formatting was wrong.
I'm trying to test CredentialsController, which works fine in production, using RSpec request specs.
Code
Controller
class CredentialsController < ApplicationController
before_action :doorkeeper_authorize!
def me
render json: current_user
end
end
(GET /me routes to CredentialsController#me.)
Request Specs
describe 'Credentials', type: :request do
context 'unauthorized' do
it "should 401" do
get '/me'
expect(response).to have_http_status(:unauthorized)
end
end
context 'authorized' do
let!(:application) { FactoryBot.create(:application) }
let!(:user) { FactoryBot.create(:user) }
let!(:token) { FactoryBot.create(:access_token, application: application, resource_owner_id: user.id) }
it 'succeeds' do
get '/me', params: {}, headers: {access_token: token.token}
expect(response).to be_successful
end
end
end
The unauthorized test passes, but the authorized test fails:
expected #<ActionDispatch::TestResponse:0x00007fd339411248 #mon_mutex=#<Thread::Mutex:0x00007fd339410438>, #mo..., #method=nil, #request_method=nil, #remote_ip=nil, #original_fullpath=nil, #fullpath=nil, #ip=nil>>.successful? to return true, got false
The headers indicate a problem with the token:
0> response.headers['WWW-Authenticate']
=> "Bearer realm=\"Doorkeeper\", error=\"invalid_token\", error_description=\"The access token is invalid\""
token looks okay to me, though:
0> token
=> #<Doorkeeper::AccessToken id: 7, resource_owner_id: 8, application_id: 7, token: "mnJh2wJeEEDe0G-ukNIZ6oupKQ7StxJqKPssjZTWeAk", refresh_token: nil, expires_in: 7200, revoked_at: nil, created_at: "2020-03-19 20:17:26", scopes: "public", previous_refresh_token: "">
0> token.acceptable?(Doorkeeper.config.default_scopes)
=> true
Factories
Access Token
FactoryBot.define do
factory :access_token, class: "Doorkeeper::AccessToken" do
application
expires_in { 2.hours }
scopes { "public" }
end
end
Application
FactoryBot.define do
factory :application, class: "Doorkeeper::Application" do
sequence(:name) { |n| "Project #{n}" }
sequence(:redirect_uri) { |n| "https://example#{n}.com" }
end
end
User
FactoryBot.define do
factory :user do
sequence(:email) { |n| "email#{n}#example.com" }
password { "test123" }
password_confirmation { "test123" }
end
end
Questions
Why am I getting invalid_token on this request?
Do my Doorkeeper factories look correct?
I was passing the token wrong. Instead of:
get '/me', params: {}, headers: {access_token: token.token}
I had to use:
get '/me', params: {}, headers: { 'Authorization': 'Bearer ' + token.token}
You can check your Access Token factory's scopes, It should be same as initializer's default_scopes
e.g.
config/initializers/doorkeeper.rb
default_scopes :read
Below, your Access Token factory's scopes should be
factory :access_token, class: "Doorkeeper::AccessToken" do
sequence(:resource_owner_id) { |n| n }
application
expires_in { 2.hours }
scopes { "read" }
end
Additionally, if you encountered response status: 406 while get '/me'....
It means that the requested format (by default HTML) is not supported. Instead of '.json' you can also send Accept="application/json" in the HTTP header.
get '/me', params: {}, headers: {
'Authorization': 'Bearer ' + token.token,
'Accept': 'application/json'}
I resolved my problem with this solution, maybe you can try it.
I need to stub my HTTP Party request to run my spec and I have to store the transaction Id i get from the parsed_response.Here is my stub
stub_request(:post, {MYURL).to_return(status: 200, body: "{'Success': { 'TransactionId' => '123456789' }}", headers: {})
I get my response to the request as
#<HTTParty::Response:0x5d51240 parsed_response="{'Success': { 'TransactionId' => '123456789' }}", #response=#<Net::HTTPOK 200 readbody=true>, #headers={}>
i need to store transactionid from the field
response.parsed_response['Success']["perfiosTransactionId"]
by i am getting null from there.Can any one help me modify my stub response so that i could get the transactionid saved
PS: If I check the fileds of response i get
response.success? ----> true
response.parsed_response --> "{'Success': { 'TransactionId' => '123456789' }}"
response.parsed_response['Success'] ---> "Success"
You're sending the payload in wrong format:
stub_request(
:post,
{MYURL}
).to_return(
status: 200,
body: '{"Success": { "TransactionId": "123456789" }}', # valid json string
headers: {"Content-Type" => "application/json"}
)
It's must be a valid json object, not a ruby hash.
Here is another way:
stub_request(
:post,
{MYURL}
).to_return(
status: 200,
body: {
"Success": { "TransactionId" => "123456789" }
}.to_json, # valid json string
headers: {"Content-Type" => "application/json"}
)
I am using devise_auth_token to authenticate users for an API. I would like to authenticate users before each test is run, but keep getting a 401 error. When I use postman to the endpoint with the correct headers, it works, but fails to work during tests.
before(:each) do
#user = FactoryGirl.create(:user)
end
def get_auth
headers = #user.create_new_auth_token
auth = Hash.new
auth["client"] = headers["client"]
auth["access-token"] = headers["access-token"]
auth["uid"] = headers["uid"]
auth["expiry"] = headers["expiry"]
return auth
end
it "auth user should return success" do
get 'get_tasks_for_user', params: {uid: #user.uid}, headers: get_auth
expect(response).to have_http_status(200)
end
RSpec
TasksController auth user should return success
Failure/Error: expect(response).to have_http_status 200
expected the response to have status code 200 but it was 401
You can use a helper method
#/spec/support/helpers/session_helper.rb
module SessionHelper
def set_request_headers(resp)
{ 'ACCEPT' => "application/json",
'Content-Type' => "application/json",
'access-token' => resp['access-token'],
'token-type' => resp['token-type'],
'client' => resp['client'],
'expiry' => resp['expiry'],
'uid' => resp['uid']
}
end
def subdomain_login(uid, password, subdomain)
request_params = {
'email' => uid,
'password' => password
}
host! "#{subdomain}.lvh.me"
post "/portal/auth/sign_in", params: request_params
return set_request_headers(response.headers)
end
end
Make sure you have the following entry in your /spec/rails_helper
Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
RSpec.configure do |config|
config.include SessionHelper, :type => :request
end
You can use subdomain_login in your tests. Here is an Rspec example.
post '/portal/system/locations', params: request_params.to_json,
headers: subdomain_login(user_id, password, subdomain)