signed-in User can't seem to be signed-in - ruby-on-rails

I used the M. Hartl Rails Tutorial to create my app. So I have a User model, and all current_user and signed_in_user methods.
I want to make the following test pass :
describe "submitting a PATCH request to the Users#update action" do
before do
be_signed_in_as FactoryGirl.create(:user)
patch user_path(FactoryGirl.create(:user))
end
specify { expect(response).to redirect_to(root_path) }
end
But the test fails :
Failure/Error: specify { expect(response).to redirect_to(root_path) }
Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/signin>.
Expected "http://www.example.com/" to be === "http://www.example.com/signin".
So here is a part of the User controller
class UsersController < ApplicationController
before_action :signed_in_user, only: [:index, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
.
.
.
.
private
def signed_in_user
unless !current_user.nil?
store_url
redirect_to signin_url, notice: t('sign.in.please')
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_path) unless current_user?(#user)
end
def admin_user
redirect_to(root_path) unless current_user.admin?
end
end
If I remove the before_create :signed_in_user... line, the test pass.
But why is that ? The be_signed_in_as spec method is working in all the others test (~ 1k) so the reason must lie within the specify { expect(response) thing.

Your test is going to a user_path for a different user than you're logging in as, so you're getting redirected to the root by your correct_user filter. You need to save the user that you're logging in as and use that for your user_path.

Each time you call FactoryGirl.create(:user), you're creating an additional user. The code you list is creating two separate user records in the database. So unless you're intending on creating two different users for this test, you should probably have a line before the before block like:
let(:user) { FactoryGirl.create(:user) }
Then just refer to user everywhere you want the one user record.

Related

before_action with the same callback but different condition not working

this is my before_action in controller
before_action :redirect_to_home, unless: :logged_in?, only: %i[destroy]
before_action :redirect_to_home, if: :logged_in?, only: %i[new create]
My purpose is redirect to home when call new and create action for authenticated user and destroy for unauthenticated user
this is my redirect_to_home callback
def redirect_to_home
redirect_to root_path
end
this is my logged_in? method
def logged_in?
p 'HELLO FROM LOGGED_IN'
session[:user_id].present?
end
when I ran the destroy test spec nothing printed out to the console but when I swap the line and run the destroy test spec again everything looks fine but new and create test spec are broken.
Do you guys have any ideas?
Thanks
Ref this
Calling the same filter multiple times with different options will not work,
since the last filter definition will overwrite the previous ones.
You can do following
before_action :redirect_to_home, only: %i[new create destroy]
And in controller
def redirect_to_home
if logged_in?
redirect_to root_path
else
redirect_to destroy_path #You have to use actual destroy path here.
end
end
before_action doesn't prevent action to be executed if callback returns false.
You can make another method:
def ensure_user_is_logged_in
unless logged_in?
redirect_to_home
end
Then you can use it before_action like this:
before_action :ensure_user_is_logged_in, only: %i[new, create]
It will redirect to home if the user is not logged in.
You can refer to this for more info:
how to execute an action if the before_action returns false

authenticate_user! failing with guest

I am writing a rails application with devise and testing in rspec. I have an issue where my rspec fails the user_authenticate when the user is not logged in. All of my specs pass except for the last one- the error it gives is
"Failure/Error: get :show, id: course NoMethodError:undefined method `authenticate' for nil:NilClass"
I suspect I am having this issue because I have a before_action :authenticate_user! call and for someone not logged in, it tries to authenticate nil. Is there a way to make it fail gracefully and redirect to user_session? I tried to create an inherited version of authenticate_user to do the redirect, but it does not appear to work. I know this is probably a noob question but I have extensively searched around without any solution. thanks!
This is my controller:
class CoursesController < ApplicationController
before_action :authenticate_user!, except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
def authenticate_user!
if user_signed_in?
super
else
redirect_to user_session
end
end
end
This is my spec:
require 'rails_helper'
RSpec.describe CoursesController, :type => :controller do
describe "user access " do
before(:each) do
#user = create(:user)
#request.env['devise.mapping'] = Devise.mappings[:user]
sign_in :user, #user
end
describe 'GET #index' do
it 'renders the :index view' do
get :index
expect(response).to render_template :index
end
end
describe 'GET #show' do
it 'assigns the requested course to #course' do
course = create(:course)
get :show, id: course
expect(assigns(:course)).to eq course
end
it 'renders the :show template' do
course = create(:course)
get :show, id: course
expect(response).to render_template :show
end
end
end
describe "guest access " do
describe 'GET #index' do
it 'renders the :index view' do
get :index
expect(response).to render_template :index
end
end
describe 'GET #show' do
it 'redirects to the login url' do
course = create(:course)
get :show, id: course
expect(response).to redirect_to 'user_session'
end
end
end
end
It seems that devise does the redirect to "users#sessions" itself when you add :authenticate_user! to the show action for a guest or a user that is not signed in.
Try removing your custom :authenticate_user! method and add "only: [:show]" to your before_action
class CoursesController < ApplicationController
before_action :authenticate_user!, only: [:show], except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
end
Update
class CoursesController < ApplicationController
before_action :authenticate_user!, except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
if user_signed_in?
render :show
else
redirect_to user_session
end
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
end
This isn't a super satisfying result but it appears as if authenticate_user! does not properly work with rspec. When I load the page directly, it correctly redirects to the login page, I am still interested to know what the proper work around is.
Can I have some sort of OR statement where I can first check if a user exists? There must be a standard way to deal with this problem so I can ensure my app is properly redirecting.

"Could not find User without ID" ActiveRecord Error and editing trouble

So I am having some trouble with my rails app and I think I went a little out of my own depth. I am creating a simple alumni application and I want users to be able to join organizations. For some reason in my new join page I get the error "Couldn't find User without an ID". I want to know why the ID isn't passing in, which would imply signed_in? = false. I don't know why everything worked find when I created other additions to my users controller but here it refuses to take on the logged in user id. I feel like I am missing something simple, let me know if updates are necessary!
Here is the relevant information in my Users controller:
class UsersController < ApplicationController
before_action :signed_in_user, only: [:edit, :update, :index, :show, :join]
before_action :correct_user, only: [:edit, :update, :join]
before_action :admin_user, only: :destroy
def join
end
def show
#user = User.find(params[:id])
#organization = #user.organization
end
def create
#user = User.new(user_params)
if #user.save
sign_in #user
flash[:success] = "Welcome to the Sample App!"
redirect_to #user
else
render 'new'
end
end
...
private
def user_params
params.require(:user).permit(:name,:email, :password, :password_confirmation,:organization_id)
end
def signed_in_user
unless signed_in?
store_location
redirect_to signin_url, notice: "Please sign in."
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
def admin_user
redirect_to(root_url) unless current_user.admin?
end
end
I included the def create method because I tried editing it to redirect users to the join page right after login but then I came across this error and I thought that was the problem so i switched it back. I guess it wasnt.... NOTE: I am basing a lot of this app off of the Hartl tutorial if that is helpful.
You should have a Memberships controller and model with a belongs_to :user (has_many :memberships for User & Organization), instead of defining a join method in the Users controller. The controller should be responsible for adding/deleting organization user-memberships. From that controller you fetch the user info by #user = User.find(:id) and don't forget to properly set the route file for nested resources.
resources :users do
resources :memberships
end
Also note that your join method doesn't create any instance variables for the view (#user). It looks like it properly goes through the signed_in_user action but nothing is instantiated in the join method.
Change line 3 to:
before_action :correct_user, only: [:edit, :update]
If the purpose of "join" is to create a user, then there should not be a user yet. However if your purpose for "join" is to get the current user you should add this to your join method:
#user = current_user
What about if you changed it to this:
def show
#users = User.all
#user = #users.find(params[:id])
#organization = #user.organization
end

Multiple before_filter statements for correct_user and admin

I have a Group resource that I'm trying to set up with proper authorizations.
The authorization logic I'm trying to implement is this:
Only group members should be able to view their group.
An admin can view any group, as well as take other actions.
I'm attempting to do this with the following before_filter statements in the group controller:
before_filter :signed_in_user
before_filter :correct_user, only: :show
before_filter :admin_user, only: [:show, :index, :edit, :update, :destroy]
Correct_user works as I have verified that only group members can view their group. However, what I want to happen is for the admin :show clause to override this, so that an admin can view any group. Currently that is not working. I'm guessing I have something wrong here with my filter ordering and options.
Can someone tell me where I've gone wrong?
EDIT
Adding my method code per Amar's request:
private
def correct_user
# User has to be a member to view
#group = Group.find(params[:id])
redirect_to(root_path) if #group.members.find_by_member_id(current_user).nil?
end
def admin_user
redirect_to(root_path) unless current_user.admin?
end
Update the correct_user method or create another method with the following definition, remove show from other filter and add before_filter with new method.
def correct_user
#group = Group.find(params[:id])
redirect_to(root_path) if #group.members.find_by_member_id(current_user).nil? && !current_user.admin?
end

How do I test authlogic in rspec?

I can't get my tests to work and was wondering if anyone have any pointers. I am testing my user edit page such that you have to be logged in to be able to see and edit the user profile. Following the authlogic documentation, here are the relevant codes:
class ApplicationController < ActionController::Base
helper_method :current_user_session, :current_user
private
def current_user_session
return #current_user_session if defined?(#current_user_session)
#current_user_session = UserSession.find
end
def current_user
return #current_user if defined?(#current_user)
#current_user = current_user_session && current_user_session.user
end
def require_current_user
unless current_user
flash[:error] = 'You must be logged in'
redirect_to sign_in_path
end
end
end
class UsersController < ApplicationController
before_filter :require_current_user, :only => [:edit, :update]
...
end
In my users_controller_spec
describe "GET 'edit'" do
before(:each) do
#user = Factory(:user)
UserSession.create(#user)
end
it "should be successful" do
# test for /users/id/edit
get :edit, :id => #user.id
response.should be_success
end
I tested it using the browser and it works. You have to be logged in to be able to edit your profile but it doesn't work in my rspec test.
I have a feeling it has something to do with mock controller but I can't figure out how. I've also read the test case but still can't get it to work.
Please help and much thanks!!!
You can stub the current_user method on the ApplicationController like so:
fake_user = controller.stub(:current_user).and_return(#user) #you could use a let(:user) { FactoryGirl.create(:user) } instead of before_each
get :edit, :id => fake_user.id
response.should be_success

Resources