Closed MichaelSp closed 9 years ago
Checkout the discussion here: https://github.com/mgomes/api_auth/issues/50
Brief summary: I recommend not testing API Auth in a rails test and just stubbing it out with controller.stub(api_authenticate: true)
or controller.class.skip_before_filter :api_authenticate
However you can get the test running by mocking fullpath on the TestRequest object. The rspec way would be
allow_any_instance_of(ActionDispatch::TestRequest).to receive(:fullpath).and_return(controller_path)
also make sure the content type is set with something like request.env["HTTP_ACCEPT"] = "application/json"
Wow thanks for your immediate reply. I agree, the authentication should be tested inside of the gem. So there is no reason to test this again. I'll stub it out as you suggested. This topic seems like something for the Readme.
Here is my MiniTest-Spec code to stub the authentication:
before do
@controller.expects(:api_authenticate)
end
Oh by the way. Returning false from a before_action/before_filter in rails 4 won't stop the rendering of the action. That's why I raise/rescued and rendered head :unauthorized
.
See http://stackoverflow.com/questions/20623616/what-does-before-action-returning-false-do-in-rails-4
how can I test whether it is on? I put mine in a before_action in my api_controller.
I don't understand "whether it is on". What is "it"?
how can I test if the before_action is running? Sometimes I comment it out for postman/curl requests; it'd be nice to test whether api_auth is actually being used in my api.
You can test if there's a Authorization
header set in your request.
I'm trying to write test for an authenticated API-Access like so
The server side validation looks like this
This simple test case does not work. It always fails with
Minitest::Assertion: Expected response to be a <success>, but was <401>
. I was able to track this down to the following issue: The @request gets signed without thePATH-INFO
header. And it gets authenticated with thePATH-INFO
. ThePATH-INFO
is set inside ofget :index
. So there is no way to sign the request afterPATH-INFO
has been set.What do you think? Is there a way to get the test running?