I have a simple user login system:
module SessionsHelper
def logged_in?
current_user.present?
end
def current_user
#current_user ||= begin
if session[:current_user_id]
User.find(session[:current_user_id]) rescue nil
end
end
end
end
which I include in ApplicationController:
class ApplicationController < ActionController::Base
include SessionsHelper
helper SessionsHelper
I am trying to test the banners controller:
require 'spec_helper'
describe Admin::BannersController do
describe 'POST create' do
let(:user){ create(:user_admin) }
before do
controller.stub(:current_user){ user }
end
it "create action should render new template when model is invalid" do
Banner.any_instance.stubs(:valid?).returns(false)
post :create
response.should render_template(:new)
end
:user_admin is the properly set up Factory Girl admin user.
However the test still says: You are not authorized to access this page.
This is from Cancan.
Did I not stub it properly? Thanks.
def fake_user
user = FactoryGirl.build(:user, :id => 100000 + rand(100000))
stub(controller).current_user { user }
user
end
Related
I am trying to spec the following.
I need to return all entities that are linked to the logged in user. Subsequently I need to create the user before the fact and then ensure that the specific user is logged in. I am struggling to achieve this with controller macros. My specs are failing as follows
1) Yougov::Surveys::ProfilesController GET :index returns all profiles linked to the loged in user with the same country and client as the linked survey
Failure/Error: sign_in user
RuntimeError:
Could not find a valid mapping for nil
# /Users/donovan.thomson/.rvm/gems/ruby-2.2.2#insight-app/gems/devise-2.2.8/lib/devise/mapping.rb:42:in `find_scope!'
# /Users/donovan.thomson/.rvm/gems/ruby-2.2.2#insight-app/gems/devise-2.2.8/lib/devise/test_helpers.rb:46:in `sign_in'
# ./spec/support/controller_macros.rb:17:in `block in login_specific_user'
So a basic scaffolding of my controller looks as follows :
class ProfilesController < ApplicationController
def index
render json: Profile.where(user_id: current_user.id)
end
end
I assume this means the user is not being logged in as I would expect
My spec is as follows
require 'spec_helper'
describe ProfilesController, type: :controller do
before do
#user = FactoryGirl.create :user
#profile = FactoryGirl.create :profile, user: #user
FactoryGirl.create :profile
end
describe "GET :index" do
login_specific_user(#user)
it "returns all profiles linked to the loged in user with the same country and client as the linked survey" do
get :index
expect(response.body).to eq(#profile.to_json)
end
end
end
My controller macro's are as follows:
module ControllerMacros
def login_admin
before :each do
sign_in ControllerMacros.get_user(#request, :admin, :admin_user)
end
end
def login_user
before :each do
sign_in ControllerMacros.get_user(#request, :user)
end
end
def login_specific_user(user)
before :each do
sign_in user
end
end
class << self
def get_user(req, mapping, type=mapping)
req.env["devise.mapping"] = Devise.mappings[mapping]
user = FactoryGirl.create(type)
user.confirm!
user
end
end
end
I solved this by not using controller macros and just adding the following to my before block
before do
#user = FactoryGirl.create :user
#user.confirm!
sign_in #user
end
Hi I am implementing a method to delete a user account in my web application. My controller:
class UsersController < ApplicationController
before_filter :set_current_user
def user_params
params.require(:user).permit(:user_id, :first_name, :last_name, :email, :password, :password_confirmation)
end
def delete_account
#user = User.find_by_id(params[:id])
if #user.present?
#user.destroy
flash[:notice] = "User Account Deleted."
end
redirect_to root_path
end
def destroy
User.delete(:user_id)
redirect_to root_path
end
end
My rspec:
require 'spec_helper'
require 'rails_helper'
require'factory_girl'
describe UsersController do
describe "delete account" do
before :each do
#fake_results = FactoryGirl.create(:user)
end
it "should call the model method that find the user" do
expect(User).to receive(:find).with(params[:id]).and_return (#fake_results)
end
it "should destroy the user account from the database" do
expect{delete :destroy, id: #fake_results}.to change(User, :count).by(-1)
end
it "should redirect_to the home page" do
expect(response).to render_template(:home)
end
end
end
The first error is
Failure/Error: expect(User).to receive(:find).with(params[:id]).and_return (#fake_results)
NameError:undefined local variable or method `params' for #<RSpec::ExampleGroups::UsersController::DeleteAccount:0x00000007032e18>
I know what this error means but I don't know how to correct it. How can I pass the user id from the controller to rspec?
The second error is:
Failure/Error: expect(response).to render_template(:home)
expecting <"home"> but rendering with <[]>
I think there is something wrong with my controller method. It should redirect to the home page but it doesn't.
params is not available in your tests, it's available in your controller.
Looks like you create a test user in your test:
#fake_results = FactoryGirl.create(:user)
Then, you can use the id of this test user (#fake_results.id) instead of trying to use params[:id]:
expect(User).to receive(:find).with(#fake_results.id).and_return (#fake_results)
Although, you may want to change the name from #fake_results to something more meaningful e.g. test_user or so.
However, this should fix both of your problems as your second problem is there because of the first problem. As it's failing to delete the user in the first place, it's not being redirected to the root path and hence the home template is not rendering.
My current code looks like this:
/spec/support/spec_test_helper.rb
module SpecTestHelper
def login_admin
user = FactoryGirl.create(:user, type: 0)
session[:user_id] = user.id
end
end
/app/controllers/application_controller.rb
def current_user
if session[:user_id].nil?
render plain: 'Error', status: :unauthorized
else
#current_user ||= User.find(session[:user_id])
end
end
Unfortunately, session is always empty in the current_user method. Is there a way of controlling the session through RSpec?
This will change based on the spec type. For example, a feature spec will not allow you to directly modify the session. However, a controller spec will.
You will need to include the helper methods module into your example group. Say you have a WidgetsController:
require 'support/spec_test_helper'
RSpec.describe WidgetsController, type: :controller do
include SpecTestHelper
context "when not logged in" do
it "the request is unauthorized" do
get :index
expect(response).to have_http_status(:unauthorized)
end
end
context "when logged in" do
before do
login_admin
end
it "lists the user's widgets" do
# ...
end
end
end
You can also automatically include the module into all specs, or specific specs by using metadata.
I often do this by adding the configuration changes into the file which defines the helper methods:
/spec/support/spec_test_helper.rb
module SpecTestHelper
def login_admin
user = FactoryGirl.create(:user, type: 0)
session[:user_id] = user.id
end
end
RSpec.configure do |config|
config.include SpecTestHelper, type: :controller
end
I am implementing Devise and Cancan for user authentication and permissions. Everything works great so far except I am not able to redirect users to the login page when they are not allowed to access a specific feature.
My test is:
feature 'A signed in user' do
before(:each) do
user = FactoryGirl.create(:user)
visit "/login"
fill_in "user_email", :with => user.email
fill_in "user_password", :with => "ilovebananas"
click_button "Sign in"
end
scenario 'should not have access to admin dashboard' do
visit '/admin'
page.should have_content 'Log in'
end
end
And I get the following failure:
Failures:
1) A signed in user should not have access to admin dashboard
Failure/Error: visit '/admin'
CanCan::AccessDenied:
You are not authorized to access this page.
To be clear, all my permission management works as expected so far, except the redirection to login page.
Here is how things are set up:
ApplicationController:
check_authorization :unless => :devise_controller? # Cancan
rescue_from CanCan::AccessDenied do |exception|
redirect_to login_path, alert: exception.message
end
UsersController
class UsersController < ApplicationController
load_and_authorize_resource # Cancan
def queue
...
end
...
end
AdminsController
class AdminController < ActionController::Base
authorize_resource :class => false # Cancan, used because AdminController doesn't have an associated model
...
end
ability.rb
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user, not logged in
can :queue, User
if user.has_permission? :super_admin
can :manage, :all
elsif user.has_permission? :network_admin
end
end
end
What am I missing?
you must pass class name as string. try quoting it. or try
rescue_from CanCan::AccessDenied , :with => :login_page
private
def login_page
redirect_to login_path
end
You should to add "controller.authorize_resource" to admin/register.if abilities without conditions.
controller.authorize_resource
Example: can :manage, :all
If conditions are,
controller do
load_and_authorize_resource :except => [:update,:index, :show, :edit]
def scoped_collection
end_of_association_chain.accessible_by(current_ability)
end
end
Example: can :manage, Master::Country, :organization_branch_id => each_branch.id
i hope it help you
My Admins Controller was not < ApplicationController, so it did not load the ApplicationController rescue_from method.
Making the change solved my issue.
So I was just trying to call a log_in method from user controller in the RSpec as
it "should get the index page" do
#user = User.new({ :email => "employee#test.com" })
log_in(#user)
get 'index'
response.should be_success
end
The result I got is like
1) EmployeesController GET 'index' should get the index page
Failure/Error: log_in(user)
NoMethodError:
undefined method `log_in' for #<RSpec::Core::ExampleGroup::Nested_1:0x4ac0328>
# ./spec/controllers/employees_controller_spec.rb:11:in `user_log_in'
# ./spec/controllers/employees_controller_spec.rb:16:in `block (2 levels) in <top (required)>'
Can someone help me out? Thanks
Edited March 11th, 2011
Here is the log_in method which is in UserController
def log_in(user)
session[:current_user] = user.id
end
If you want to call a method on the controller in an RSpec controller test, you could use the following.
subject.send(:log_in,#user)
It should call the method. I dont know if this is really a best practice. A better method would be to stub the logged_in method as BurmajaM suggested.
Why don't you stub logged_in? or whatever your method is. Logging in is not target of this spec, so stub it! Here's simple example how I spec controller action that has before_filter:
class MyController < ApplicationController
before_filter :logged_in?
def index
end
end
describe MyController do
describe "GET 'index'" do
context "when not logged in"
# you want to be sure that before_filter is executed
it "requires authentication" do
controller.expects :logged_in?
get 'index'
end
# you don't want to spec that it will redirect you to login_path
# because that spec belongs to #logged_in? method specs
end
context "when authenticated" do
before(:each) { controller.stubs :logged_in? }
it "renders :index template" do
get 'index'
should render_template(:index)
end
it "spec other things your action does when user is logged in"
end
end
end