I can't get my tests to work and was wondering if anyone have any pointers. I am testing my user edit page such that you have to be logged in to be able to see and edit the user profile. Following the authlogic documentation, here are the relevant codes:
class ApplicationController < ActionController::Base
helper_method :current_user_session, :current_user
private
def current_user_session
return #current_user_session if defined?(#current_user_session)
#current_user_session = UserSession.find
end
def current_user
return #current_user if defined?(#current_user)
#current_user = current_user_session && current_user_session.user
end
def require_current_user
unless current_user
flash[:error] = 'You must be logged in'
redirect_to sign_in_path
end
end
end
class UsersController < ApplicationController
before_filter :require_current_user, :only => [:edit, :update]
...
end
In my users_controller_spec
describe "GET 'edit'" do
before(:each) do
#user = Factory(:user)
UserSession.create(#user)
end
it "should be successful" do
# test for /users/id/edit
get :edit, :id => #user.id
response.should be_success
end
I tested it using the browser and it works. You have to be logged in to be able to edit your profile but it doesn't work in my rspec test.
I have a feeling it has something to do with mock controller but I can't figure out how. I've also read the test case but still can't get it to work.
Please help and much thanks!!!
You can stub the current_user method on the ApplicationController like so:
fake_user = controller.stub(:current_user).and_return(#user) #you could use a let(:user) { FactoryGirl.create(:user) } instead of before_each
get :edit, :id => fake_user.id
response.should be_success
Related
This is my first foray into app development, and I have been following Michael Hartl's tutorial pretty much verbatim. All went fine until towards the end of chapter 12, when my tests started failing. The strange thing is that the tests which fail seem to be unrelated to the changes I made in chapter 12.
There are three failures and one error, and they are also duplicated by the local server when manually checked in the browser. Basically the logged_in_user before action doesn't seem to work, but only with some of the model actions, not all. I've tried to trace it with the debugger and tried to revert back to pre-chapter 12 commits (which all definitely worked) but I'm having trouble with database migrations and stuff and only introducing more and more errors. Below is the error log, my users controller, application controller and sessions helper. I feel like the error must be in one of those.
Many many thanks in advance for your help!
FAIL["test_should_redirect_update_when_not_logged_in", UsersControllerTest, 2016-03-06 05:58:45 -0800]
test_should_redirect_update_when_not_logged_in#UsersControllerTest
(1457272725.92s)
Expected true to be nil or false
test/controllers/users_controller_test.rb:27:in `block in '
ERROR["test_should_redirect_destroy_when_not_logged_in", UsersControllerTest, 2016-03-06 05:58:45 -0800]
test_should_redirect_destroy_when_not_logged_in#UsersControllerTest
(1457272725.96s) NoMethodError: NoMethodError: undefined
method admin?' for nil:NilClass
app/controllers/users_controller.rb:77:inadmin_user'
test/controllers/users_controller_test.rb:47:in block (2 levels) in <class:UsersControllerTest>'
test/controllers/users_controller_test.rb:46:inblock in '
app/controllers/users_controller.rb:77:in admin_user'
test/controllers/users_controller_test.rb:47:inblock (2 levels) in '
test/controllers/users_controller_test.rb:46:in `block in '
FAIL["test_should_redirect_edit_when_not_logged_in", UsersControllerTest, 2016-03-06 05:58:46 -0800]
test_should_redirect_edit_when_not_logged_in#UsersControllerTest
(1457272726.03s)
Expected true to be nil or false
test/controllers/users_controller_test.rb:21:in `block in '
FAIL["test_successful_edit_with_friendly_forwarding", UsersEditTest, 2016-03-06 05:58:46 -0800]
test_successful_edit_with_friendly_forwarding#UsersEditTest
(1457272726.07s)
Expected response to be a redirect to <[removed link]/users/633107804/edit> but was a redirect to <[removed
link]/users/633107804>.
Expected "[removed link]users/633107804/edit" to be === "[removed link]/users/633107804".
test/integration/users_edit_test.rb:22:in `block in '
class UsersController < ApplicationController
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
before_action :logged_in_user, only: [:index, :edit, :update, :destroy, :following, :followers]
def destroy
User.find(params[:id]).destroy
flash[:success] = "User deleted"
redirect_to_users_url
end
def show
#user = User.find(params[:id])
#microposts = #user.microposts.paginate(page: params[:page])
end
def new
#user = User.new
end
def index
#users = User.paginate(page: params[:page])
end
def create
#user = User.new(user_params)
if #user.save
#user.send_activation_email
flash[:info] = "Please check your email to activate your account."
redirect_to root_url
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end
def following
#title = "Following"
#user = User.find(params[:id])
#users = #user.following.paginate(page: params[:page])
render 'show_follow'
end
def followers
#title = "Followers"
#user = User.find(params[:id])
#users = #user.followers.paginate(page: params[:page])
render 'show_follow'
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
def admin_user
redirect_to(root_url) unless current_user.admin?
end
end
And the application controller:
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
include SessionsHelper
private
#confirms a logged in user. Now placed in the application controller so both teh user controller and microposts controller can use it
def logged_in_user
unless logged_in?
store_location
flash[:danger] = "Please log in."
redirect_to login_url
end
end
end
And the sessions helper:
module SessionsHelper
#logs in the given user
def log_in(user)
session[:user_id] = user.id
end
# returns the current logged-in user (if any)
def current_user
if (user_id = session[:user_id])
#current_user ||= User.find_by(id: session[:user_id])
elsif (user_id = cookies.signed[:user_id])
user = User.find_by(id: user_id)
if user && user.authenticated?(:remember, cookies[:remember_token])
log_in user
#current_user = user
end
end
end
# returns true if the user is logged in, and false otherwise
def logged_in?
!current_user.nil?
end
#Saves a user id and remember token digest to cookies
def remember(user)
user.remember
#Code to save cookies with 20 year expiry ("permanent") and "signed" so it can't be accessed by third party
cookies.permanent.signed[:user_id] = user.id
cookies.permanent[:remember_token] = user.remember_token
end
# runs the forget method and removes remember tokens from cookies
def forget(user)
user.forget
cookies.delete(:user_id)
cookies.delete(:remember_token)
end
# logs out the given user
def log_out
forget(current_user)
session.delete(:user_id)
#current_user = nil
end
def current_user?(user)
user == current_user
end
# Redirects to stored location after trying to edit while logged out and then logging in
def redirect_back_or(default)
redirect_to(session[:forwarding_url] || default)
session.delete(:forwarding_url)
end
# Stores the URL trying to be accessed
def store_location
session[:forwarding_url] = request.url if request.get?
end
end
Userscontrollertest:
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
def setup
#user = users(:Joe)
#other_user = users(:Jane)
end
test "should redirect to index when not logged in" do
get :index
assert_redirected_to login_url
end
test "should get new" do
get :new
assert_response :success
end
test "should redirect edit when not logged in" do
get :edit, id: #user
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect update when not logged in" do
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert_not flash.empty?
assert_redirected_to login_url
end
test "should redirect edit when logged in as wrong user" do
log_in_as(#other_user)
get :edit, id: #user
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect update when logged in as the wrong user" do
log_in_as(#other_user)
patch :update, id: #user, user: { name: #user.name, email: #user.email }
assert flash.empty?
assert_redirected_to root_url
end
test "should redirect destroy when not logged in" do
assert_no_difference 'User.count' do
delete :destroy, id: #user
end
assert_redirected_to login_url
end
test "should redirect destroy when logged in as a non-admin" do
log_in_as(#other_user)
assert_no_difference 'User.count' do
delete :destroy, id: #user
end
assert_redirected_to root_url
end
end
After comparing your code to what I have in my tutorial code, try changing the order of the before_action statements in your UsersController and see if that works:
Before:
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
before_action :logged_in_user, only: [:index, :edit, :update, :destroy, :following, :followers]
After:
before_action :logged_in_user, only: [:index, :edit, :update, :destroy, :following, :followers]
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
All the before_action statements are run in the order they are defined in the controller, so for the update action, you're currently running the correct_user filter first, which calls current_user?(#user), which calls current_user:
def current_user
if (user_id = session[:user_id])
#current_user ||= User.find_by(id: session[:user_id])
elsif (user_id = cookies.signed[:user_id])
user = User.find_by(id: user_id)
if user && user.authenticated?(:remember, cookies[:remember_token])
log_in user
#current_user = user
end
end
end
At that point in your tests, since you haven't logged in a user yet, you don't have a session[:user_id], so that if statement fails, and you also don't have a cookies.signed[:user_id], so the elsif statement fails, leaving you with a nil return value and #current_user not being set.
At some point in your request in the test, you seem to be finding its way over to the admin_user method, which is calling current_user.admin?, and since at this point current_user is nil, you're getting the NoMethodError: undefined method admin?' for nil:NilClass that you're seeing.
My controller test isn't passing. I have a before_acton in my ReviewsController that tests for a current user. If there is none, it shouldn't complete the create action and redirect. But it does create it, despite the session[:user_id] being nil. Here is my code:
it "doesnt create review if there is valid input, but not authenticated" do
video = Video.create(title: "new title", description: "new description")
review = Review.create(content: "content1", rating: 1)
expect(Review.count).to eq(0)
end
In my ReviewsController:
def create
#video = Video.find(params[:video_id])
#review = Review.new(parameters)
rating = params[:review][:rating]
content = params[:review][:content]
#review.content = content
#review.rating = rating
#review.user_id = current_user.id
#review.video = #video
#review.save
redirect_to #video
end
i have a before_action in the Reviews controller that test if a user is authenticated. If the session[:user_id] is nil, then it redirects to the sign_in_path. Here are the methods:
def current_user
#current_user = User.find(session[:user_id]) if session[:user_id]
end
def require_user
redirect_to sign_in_path unless current_user
end
in my reviews_controller_spec.rb file, it shouldn't create the review, because it shouldn't get past the before_action :require_user
Why is the review object still being created? Why doesn't the before_action filter stop it? The test fails and just says it expected Review.count to be 0, but got 1.
# config/routes.rb
resources :videos, shallow: true do
resources :reviews
end
There is no need to bind params to attributes 1-1. In fact doing so will make you controllers excessively verbose plus its boring as hell to type it out.
class ReviewsController < ApplicationController
before_filter :authenticate_user!
def create
#video = Video.find(params[:video_id])
#review = current_user.reviews.new(review_params) do |r|
r.video = #video
end
end
private
# this is mass assignment protection
def review_params
params.require(:review).permit(:rating, :content)
end
end
If you decide to roll you own authentication (which is a bad idea) don't repeat it across your controllers and views:
module AuthenticationHelper
def current_user
#current_user ||= User.find(session[:user_id]) if session[:user_id]
end
def sign_in(user)
#current_user = user
session[:user_id] = user.id
end
def sign_out
#current_user = nil
reset_session
end
def authenticate_user!
raise User::NotAuthorized unless current_user
end
end
A key point is that a opt out security model is far better since it eliminates the risk of leaving a route open by omission:
class ApplicationController
include AuthenticationHelper
rescue_from User::NotAuthorized, with: :deny_access!
# use skip_before_action :authenticate_user! if
# you don't want a route / controller to require auth.
before_action :authenticate_user!
private
def deny_access!
redirect_to root_path
end
end
So to test ReviewsController we would do:
describe ReviewsController do
let(:user) { User.create(name: 'joe') }
let(:video) { Video.create(name: 'Cats Gone Wild') }
describe "#create" do
let(:valid_attributes) { { video_id: video, title: "new title", description: "new description" } }
context "when unauthorized" do
it "does not create a review" do
expect { post :create, valid_attributes }.to_not change(Review, :count)
end
end
context "when authorized" do
before { subject.stub(:current_user) { user } }
# ...
end
end
end
Key points here:
use let to setup test dependencies
use expect { action }.to change to test if an action alters the DB. Testing for .count == 0 can lead to false positives.
I am writing a rails application with devise and testing in rspec. I have an issue where my rspec fails the user_authenticate when the user is not logged in. All of my specs pass except for the last one- the error it gives is
"Failure/Error: get :show, id: course NoMethodError:undefined method `authenticate' for nil:NilClass"
I suspect I am having this issue because I have a before_action :authenticate_user! call and for someone not logged in, it tries to authenticate nil. Is there a way to make it fail gracefully and redirect to user_session? I tried to create an inherited version of authenticate_user to do the redirect, but it does not appear to work. I know this is probably a noob question but I have extensively searched around without any solution. thanks!
This is my controller:
class CoursesController < ApplicationController
before_action :authenticate_user!, except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
def authenticate_user!
if user_signed_in?
super
else
redirect_to user_session
end
end
end
This is my spec:
require 'rails_helper'
RSpec.describe CoursesController, :type => :controller do
describe "user access " do
before(:each) do
#user = create(:user)
#request.env['devise.mapping'] = Devise.mappings[:user]
sign_in :user, #user
end
describe 'GET #index' do
it 'renders the :index view' do
get :index
expect(response).to render_template :index
end
end
describe 'GET #show' do
it 'assigns the requested course to #course' do
course = create(:course)
get :show, id: course
expect(assigns(:course)).to eq course
end
it 'renders the :show template' do
course = create(:course)
get :show, id: course
expect(response).to render_template :show
end
end
end
describe "guest access " do
describe 'GET #index' do
it 'renders the :index view' do
get :index
expect(response).to render_template :index
end
end
describe 'GET #show' do
it 'redirects to the login url' do
course = create(:course)
get :show, id: course
expect(response).to redirect_to 'user_session'
end
end
end
end
It seems that devise does the redirect to "users#sessions" itself when you add :authenticate_user! to the show action for a guest or a user that is not signed in.
Try removing your custom :authenticate_user! method and add "only: [:show]" to your before_action
class CoursesController < ApplicationController
before_action :authenticate_user!, only: [:show], except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
end
Update
class CoursesController < ApplicationController
before_action :authenticate_user!, except: [:index]
before_action :set_course, only: [:show]
def index
#course = Course.order('name')
end
def show
if user_signed_in?
render :show
else
redirect_to user_session
end
end
private
def set_course
#course = Course.find(params[:id])
end
def course_params
params.require(:course).permit(:name,:description,:department,:hidden,
:lecture_attributes => [:name,:description,:level])
end
end
This isn't a super satisfying result but it appears as if authenticate_user! does not properly work with rspec. When I load the page directly, it correctly redirects to the login page, I am still interested to know what the proper work around is.
Can I have some sort of OR statement where I can first check if a user exists? There must be a standard way to deal with this problem so I can ensure my app is properly redirecting.
I've got an issue with my rspec tests and having looked through previous questions I haven't been able to resolve it. The test fails with the above error but the code works in practice, does anyone know how to resolve this?
Rspec:
describe "authentication of edit/update pages" do
before(:each) do
#user = Factory(:user)
end
describe "for non-signed in users" do
it "should deny access to 'edit'" do
get :edit, :id => #user
response.should redirect_to(signin_path)
end
it "should deny access to 'update'" do
put :update, :id => #user, :user => {}
response.should redirect_to(signin_path)
end
end
end
Sessions Helper:
def deny_access
redirect_to signin_path, :notice => "Please sign in to access this page."
end
Users Controller
class UsersController < ApplicationController
before_filter :authenticate, :only => [:edit, :update]
private
def authenticate
deny_access unless signed_in?
end
end
I guess you should change your code a bit:
def deny_access
redirect_to signin_path, :notice => "Please sign in to access this page." and return
end
I'm working through http://railstutorial.org (currently working on section 10.4.2 - destroying users).
My User model has a boolean admin attribute, and in the Users controller there is some simple code making use of this attribute:
def admin_user
redirect_to(root_path) unless current_user.admin?
end
The RSpec test:
describe "as a non-signed-in user" do
it "should deny access" do
delete :destroy, :id => #user
response.should redirect_to(signin_path)
end
end
And the error this test produces:
NoMethodError in 'UsersController DELETE 'destroy' as a non-signed-in user should deny access'
undefined method `admin?' for nil:NilClass
What is nil:NilClass? Why am I getting this?
edit: j., this might help:
def sign_in(user)
user.remember_me!
cookies[:remember_token] = { :value => user.remember_token,
:expires => 20.years.from_now.utc }
self.current_user = user
end
def current_user=(user)
#current_user = user
end
def current_user
#current_user ||= user_from_remember_token
end
Good news! Your rspec test found a bug!
Your controller method
def admin_user
redirect_to(root_path) unless current_user.admin?
end
is being called directly or indirectly by your controller's delete action.
And admin_user is being called when current_user is nil. So the admin_user method is failing with the error
undefined method `admin?' for nil:NilClass
fix: depends on how admin_user is being called and used. Is it in a filter?
Could be changed to either of
def admin_user
redirect_to(root_path) unless current_user && current_user.admin?
end
# or
def admin_user
redirect_to(root_path) if current_user && !current_user.admin?
end
depending on the situation....
It looks like your current_user object is nil and it should be nil.
As you are not signed in then surely your current _user is nil and then you are trying to get
nil.admin? so that's why it give No method error.
Probabily you should rewrite your method something like
def admin_user
redirect_to(root_path) unless current_user || current_user.admin?
end
Did you complete section 9.3.4 Current User of the tutorial? This creates a current_user variable within the SessionsController via the inclusion of the SessionsHelper module.
I had this exact problem, and I found that the underlying problem was that I'd failed to add :destroy to the before_filter :authenticate in app/controllers/users_controller.rb, as below (from listing 10.41:
before_filter :authenticate, :only => [:index, :edit, :update, :destroy]