Develop Reference

Failure/Error: specify { expect(response).to redirect_to(root_url) }

I can not understand, why not pass the tests, it performs the first redirect and not the second, as described in the controller code itself works correctly, redirections occur exactly as described.
Rspec 3.5.1
Rails 5
Ruby 2.3.1
spec/features/authentication_pages_spec.rb
describe "autorization", type: :request do
describe "for non-signed-in users" do
let(:user) { FactoryGirl.create(:user) }
describe "in the Users controller" do
describe "visiting the edit page" do
before { visit edit_user_path(user) }
it { should have_title('Log in') }
end
describe "submitting to the update action" do
before { patch user_path(user) }
specify { expect(response).to redirect_to(login_path) }
end
end
end
describe "as wrong user" do
let(:user) { FactoryGirl.create(:user) }
let(:wrong_user) { FactoryGirl.create(:user, email: "wrong#example.com") }
before { log_in user, no_capybara: true }
describe "submitting a GET request to the Users#edit action" do
before { get edit_user_path(wrong_user) }
specify { expect(response.body).not_to match(full_title('Edit user')) }
specify { expect(response).to redirect_to(root_url) }
end
describe "submitting a PATCH request to the User#update action" do
before { patch user_path(wrong_user) }
specify { expect(response).to redirect_to(root_url) }
end
end
end
end
The test fails with the following error:
1) AuthenticationPages autorization as wrong user submitting a GET request to the Users#edit action should redirect to "http://www.example.com/"
Failure/Error: specify { expect(response).to redirect_to(root_url) }
Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/login>.
Expected "http://www.example.com/" to be === "http://www.example.com/login".
2) AuthenticationPages autorization as wrong user submitting a PATCH request to the User#update action should redirect to "http://www.example.com/"
Failure/Error: specify { expect(response).to redirect_to(root_url) }
Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/login>.
Expected "http://www.example.com/" to be === "http://www.example.com/login".
I cannot fathom why it's redirecting to the signin url when it should redirect to the root url - the user is signed in in the spec.
Here is the UserController:
class UsersController < ApplicationController
before_action :logged_in_user, only: [:edit, :update]
before_action :correct_user, only: [:edit, :update]
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
log_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
def edit
end
def update
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
# Before filters
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to login_url
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
end
Here are the relevant bits of my sessions_helper.rb file:
module SessionsHelper
# Logs in the given user.
def log_in(user)
session[:user_id] = user.id
end
# Returns the current logged-in user (if any).
def current_user
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(id: session[:user_id])
end
def current_user?(user)
user == current_user
end
# Returns true if the user is logged in, false otherwise.
def logged_in?
!current_user.nil?
end
def log_out
session.delete(:user_id)
#current_user = nil
end
end
User class:
class User < ApplicationRecord
has_secure_password
before_save { self.email = email.downcase }
before_create :create_remember_token
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-.]+(\.[a-z]+)*\.[a-z]+\z/i
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX },uniqueness: { case_sensitive: false }
validates :password, length: { minimum: 6 }
def User.new_remember_token
SecureRandom.urlsafe_base64
end
def User.encrypt(token)
Digest::SHA1.hexdigest(token.to_s)
end
private
def create_remember_token
self.remember_token = User.encrypt(User.new_remember_token)
end
end
spec/support/utilities.rb
include ApplicationHelper
def valid_login(user)
fill_in "Email", with: user.email
fill_in "Password", with: user.password
click_button "Log in"
end
RSpec::Matchers.define :have_error_message do |message|
match do |page|
expect(page).to have_selector('div.alert.alert-error', text: message)
end
end
def log_in(user, options={})
if options[:no_capybara]
# Sign in when not using Capybara.
remember_token = User.new_remember_token
cookies[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
else
visit login_path
fill_in "Email", with: user.email
fill_in "Password", with: user.password
click_button "Log in"
end
end

I suspect your issue is related to
before { log_in user, no_capybara: true }
try changing it to
before { session[:user_id] = user.id }

The problem is with your log_in method (in the spec, not the helper code), which is not actually logging anybody in. That's why you hit the login error. You mention that this code "creates a user with a different email address from the default", but this is not what it should be doing; it should be setting the session.
Simply creating a user will not set the session, and without the session being set, logged_in? will be false and you will get redirected to the login page.
Try something like this instead:
before { #request.session[:user_id] = user.id }
This sets the session explicitly on the request to the user'd id, so that logged_in? will return true in your controller.

Why is current_user called on render in controller?

I'm getting the following error when trying access the log in method of my sessions controller:
JWT::DecodeError (Nil JSON web token):
lib/json_web_token.rb:11:in `decode'
app/helpers/sessions_helper.rb:15:in `current_user'
app/controllers/api/sessions_controller.rb:11:in `create'
If I comment out my render json: user in my controller response, all is good, except I need to respond with the user...Why on earth is the current_user method called on through line 11 of the sessions_controller.rb. Here's the relevant code:
lib/json_web_token.rb
require 'jwt'
class JsonWebToken
def self.encode(payload, expiration = 24.hours.from_now)
payload = payload.dup
payload['exp'] = expiration.to_i
JWT.encode(payload, Rails.application.secrets.json_web_token_secret)
end
def self.decode(token)
JWT.decode(token, Rails.application.secrets.json_web_token_secret).first
end
end
sessions_helper.rb
require 'json_web_token'
module SessionsHelper
def create_session(user)
session[:user_id] = user.id
end
def current_user
auth_token = request.headers["Authorization"]
if auth_token
auth_token = auth_token.split(" ").last
begin
decoded_token = JsonWebToken.decode auth_token
rescue JWT::ExpiredSignature
return
end
#current_user ||= User.find_by(auth_token: auth_token)
end
end
def log_out(user)
logged_in? ? user.generate_authentication_token! : user.destroy_token!
auth_token = user.auth_token
user.update_attribute(:auth_token, auth_token)
end
def logged_in?
current_user.present?
end
def authenticate_with_token!
render json: { errors: "Not authenticated" }, status: :unauthorized unless logged_in?
end
def log_in(user)
create_session(user)
user.generate_authentication_token!
user.update_attribute(:auth_token, user.auth_token)
end
def authenticate_as_self_or_admin!
render json: { errors: "Not authorized" }, status: :unauthorized unless is_self? || is_admin?
end
def is_self?
user = User.find(params[:id])
auth_token = request.headers["Authorization"]
auth_token = auth_token.split(" ").last if auth_token
user.auth_token != auth_token
end
def is_admin?
if logged_in? && current_user.authenticate(params[:password])
current_user.admin
end
end
end
sessions_controller.rb
class Api::SessionsController < ApplicationController
before_action :authenticate_with_token!, only: [:destroy]
def new
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
log_in user
render json: user, status: :created
else
render json: user, status: :unprocessable_entity
end
end
def destroy
log_out current_user
render status: 204
end
end
user.rb
require 'json_web_token'
class User < ApplicationRecord
attr_reader :current_password
before_save { email.downcase! }
before_create :generate_authentication_token!
before_update :reset_confirmed!, :if => :email_changed?
has_secure_password
has_many :posts
has_many :comments
has_many :votes
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
validates :username, presence: true, length: { maximum: 24 }, uniqueness: { case_sensitive: false }
validates :password, presence: true, length: { minimum: 8 }
validates :auth_token, uniqueness: true
def generate_authentication_token!
begin
self.auth_token = JsonWebToken.encode('id' => self.id, 'username' => self.username, 'email' => self.email, 'bio' => self.bio, 'confirmed' => self.confirmed, 'admin' => self.admin, 'points' => self.points)
end while self.class.exists?(auth_token: auth_token)
end
def destroy_token!
self.auth_token = nil
end
def reset_confirmed!
self.confirmed = false
end
def upvotes
self.votes.where(polarity: 1)
end
def downvotes
self.votes.where(polarity: -1)
end
def update_with_password(user_params)
current_password = user_params.delete(:current_password)
user_params[:password] = current_password if user_params[:password].nil?
if self.authenticate(current_password)
self.update(user_params)
else
self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
false
end
end
end
No, I am not using devise.
I'm really hoping my eyes are just tired here...

It turns out that current_user was in fact being called since it is the default scope_name for Active Model Serializers. I changed the name of my current_user method to avoid this conflict. Here are the relevant docs.

Having Log in & Session Errors

First I'd like to let you know I can successfully create a new user and start a session for that new user. What I cannot do is then log in as that new user.
Not to distract anyone from answering but I think the error is within Authenticating the User.
Currently if in the sessions controller. If I have the below.
user = User.find_by(params[:email])
if user && user.authenticate(params[:session][:password])
I will get redirected to the login page because the password doesn't match.
I can login if I have the below. But I will not start the session as the correct user.
user = User.find_by(params[:email])
if user
Again I can create new users, my user count does increase, but I cannot log in with the user once I end the session.
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(params[:email])
if user && user.authenticate(params[:session])
session[:user_id] = user.id
case user.admin_level
when 1
session[:site_admin] = true
session[:can_create_post] = true
when 2
session[:creator] = true
session[:can_create_post] = true
when 3
session[:friend] = true
session[:can_comment_on_post] = true
end
if params[:remember_me]
cookies.permanent[:auth_token] = user.auth_token
else
cookies[:auth_token] = user.auth_token
end
log_in user
redirect_to user, :notice => "Logged in!"
else
flash.now[:danger] = 'Invalid email/password combination' # Not quite right!
redirect_to root_url
end
end
def loggedin?
#user = session[:user_id]
redirect_to page_path(current_user)
end
def destroy
log_out if logged_in?
cookies.delete(:auth_token)
session.clear
redirect_to root_url, :notice => "Logged out!"
end
def session_params
params.require(:session).permit(:user_id)
end
end
My User Model Looks like below
class User < ActiveRecord::Base
attr_accessor :remember_token, :image
before_create { generate_token(:auth_token) }
mount_uploader :image, ImageUploader
mount_uploader :avatar, AvatarUploader
validates :name, presence: true, length: { maximum: 50 }
before_save { email.downcase! }
before_save { name.capitalize! }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true , length: { maximum: 255 },
format: {with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
has_secure_password
validates :password, length: { minimum: 6 }, allow_blank: true
def User.digest(string)
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
BCrypt::Engine.cost
BCrypt::Password.create(string, cost: cost)
end
def User.new_token
SecureRandom.urlsafe_base64
end
def remember
self.remember_token = User.new_token
update_attribute(:remember_digest, User.digest(remember_token))
end
def forget
update_attribute(:remember_digest, nil)
end
def authenticated?(remember_token)
BCrypt::Password.new(remember_digest).is_password?(remember_token)
end
def generate_token(column)
begin
self[column] = SecureRandom.urlsafe_base64
end while User.exists?(column => self[column])
end
def authenticated?(remember_token)
BCrypt::Password.new(remember_digest).is_password?(remember_token)
end
end

Michael Hartl's Rails Tutorial: undefined method `authenticate_with_salt' error

I'm at the end of 9th chapter and i'm getting an error on the root page itself..
sessions helper is
module SessionsHelper
def sign_in(user)
cookies.permanent.signed[:remember_token] = [user.id, user.salt]
current_user = user
end
def current_user
#current_user ||= user_from_remember_token
end
def signed_in?
!current_user.nil?
end
def sign_out
cookies.delete(:remember_token)
current_user = nil
end
private
def user_from_remember_token
User.authenticate_with_salt(*remember_token)
end
def remember_token
cookies.signed[:remember_token] || [nil, nil]
end
end
here is my user.rb
require 'digest'
class User < ActiveRecord::Base
attr_accessor :password
attr_accessible :name, :email, :password, :password_confirmation
email_regex = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :name, :presence => true,
:length => { :maximum => 50 }
validates :email, :presence => true,
:format => { :with => email_regex },
:uniqueness => { :case_sensitive => false }
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40 }
before_save :encrypt_password
def signed_in?
!current_user.nil?
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
def self.authenticate(email, submitted_password)
user = find_by_email(email)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
def self.authenticate_with_salt(id, cookie_salt)
user = find_by_id(id)
(user && user.salt == cookie_salt)? user : nil
end
private
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
def encrypt(string)
secure_hash("#{salt}--#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}--#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
end
and my session_controller is
class SessionsController < ApplicationController
def new
#title = "Sign in"
end
def create
user = User.authenticate(params[:session][:email], params[:session][:password])
if user.nil?
flash.now[:error] = "Invalid email/password combination."
#title = "Sign in"
render 'new'
else
sign_in user
redirect_to user
end
end
def destroy
sign_out
redirect_to root_path
end
end
and users_controler is
class UsersController < ApplicationController
def show
#user = User.find(params[:id])
#title = #user.name
end
def new
#user = User.new
#title = "Sign up"
end
def create
#user = User.new(params[:user])
if #user.save
sign_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
#title = "Sign up"
render 'new'
end
end
end
thing is i'm a beginer in Rails and i was going through this tutorials n got stuck right here.
Pls help guyz
here is the screenshot of the error
error says: undefined method 'authentication_with_salt'

I think it is similar issue that was asked and the link is here
You miss current_user scope. Check the above link and hope you can fix your issue asap.

undefined method `downcase' for nil:NilClass railstutorial

I try railstutorial rails4.0
now 9.2.0 and no Rspec error.
but rails s has NoMethodError in Users#index when open /users
why?
app / models / user.rb
class User < ActiveRecord::Base
before_save { self.email = email.downcase }
before_create :create_remember_token
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
has_secure_password
validates :password, length: { minimum: 6 }
def User.new_remember_token
SecureRandom.urlsafe_base64
end
def User.encrypt(token)
Digest::SHA1.hexdigest(token.to_s)
end
private
def create_remember_token
self.remember_token = User.encrypt(User.new_remember_token)
end
end
app / controllers / users_controller.rb
class UsersController < ApplicationController
before_action :signed_in_user, only: [:index, :edit, :update]
before_action :correct_user, only: [:edit, :update]
def index
#users = User.all
end
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
sign_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
def edit
end
def update
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
#Before actions
def signed_in_user
unless signed_in?
store_location
redirect_to signin_url, notice: "Please sign in."
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_path) unless current_user?(#user)
end
end
app / views / users / index.html.slim
- provide(:title, 'All users')
h1 All users
ul.users
- #users.each do |user|
li
= gravatar_for user, size: 52
= link_to user.name, user
app / helpers / users_helper.rb
module UsersHelper
# Returns the Gravatar (http://gravatar.com/) for the given user.
def gravatar_for(user, options = { size: 50 })
gravatar_id = Digest::MD5::hexdigest(user.email.downcase)
size = options[:size]
gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}?s=#{size}"
image_tag(gravatar_url, alt: user.name, class: "gravatar")
end
end

I have not tried. but it can be something like this.
before_save { self.email = email.downcase if email}

Your error would seem to be coming from the first line of the gravatar_for method, which calls user.email.downcase, suggesting you have at least one user with a nil email address in the database.