Reputation: 536
I'm using RSpec to test my implementation of the mixture of Devise and the simple_token_authentication gem.
I'm using devise_for to tell Devise where to look for my sessions controller (source).
    devise_for :users, controllers: {
      registrations: 'users/devise/registrations',
      sessions: 'users/devise/sessions'
    }
In my sessions controller, I invoke a custom method if the request has a specific header (source).
    def create
      req_from_coposition_app? ? respond_with_auth_token : super
    end

    def destroy
      req_from_coposition_app? ? destroy_auth_token : super
    end
I have a test that ensures the user can get an auth token. The request works as expected (source).
    it "should be able to sign in" do
      request.headers["X-Secret-App-Key"] = "this-is-a-mobile-app"
      request.env['devise.mapping'] = Devise.mappings[:user]
      post :create,
        user: {
          email: user.email,
          password: user.password
        },
        format: :json
      expect(res_hash[:email]).to eq user.email
      expect(res_hash[:authentication_token]).to eq user.authentication_token
    end
Next, I'd like to test signing out (destroying the auth key). I am trying to use the following code:
    it "should be able to sign out" do
      token_before = user.authentication_token
      request.env['devise.mapping'] = Devise.mappings[:user]
      request.headers["X-Secret-App-Key"] = "this-is-a-mobile-app"
      request.headers["X-User-Token"] = token_before
      delete :destroy, nil, format: :json
      expect(user.reload.authentication_token).to_not eq token_before
    end
However, the Users::Devise::SessionsController#destroy is never hit. response.status is 302, and
    response.body
    #=> "<html><body>You are being <a href=\"http://test.host/\">redirected</a>.</body></html>"
I have checked rake routes, formatted the request in different ways, and checked that the delete method wasn't being messed with anywhere. I am completely at a loss as to why post :create works, but delete :destroy doesn't hit the action.
Upvotes: 0
Views: 903
Reputation: 11
You're not fooling the before filter on line 4 here https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb
Devise thinks no one is signed in and is bouncing you away from the destroy action. Skip it, stub it, trick it.
Upvotes: 1
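The behaviour the answer describes, as an added example that is not part of the original thread and is not Devise's code: a simplified, constructed model of a before-filter chain in which a sign-out guard answers 302 and the action never runs unless a user is already resolved. `SessionsModel`, `run_destroy` and `authenticate_from_token` are hypothetical names; only the guard's name follows Devise's `verify_signed_out_user`.

```ruby
# Simplified, constructed model of a sessions controller's filter chain.
# Class, helper and token-filter names are illustrative, not Devise's API.
User = Struct.new(:email, :authentication_token)

class SessionsModel
  attr_reader :status, :action_ran

  def initialize(user, filters)
    @user, @filters = user, filters
    @status, @action_ran, @current_user = nil, false, nil
  end

  # Stand-in for what a test helper such as sign_in does before the request.
  def sign_in(user)
    @current_user = user
    self
  end

  # Run filters in order; a filter that sets a status halts the chain.
  def destroy(headers)
    @filters.each do |f|
      send(f, headers)
      return self if @status
    end
    @user.authentication_token = "rotated-#{@user.authentication_token}"
    @action_ran = true
    @status = 204
    self
  end

  private

  # Models the guard the answer points at: nobody signed in => redirect.
  def verify_signed_out_user(_headers)
    @status = 302 if @current_user.nil?
  end

  # Hypothetical token filter (real code should compare in constant time).
  def authenticate_from_token(headers)
    @current_user = @user if headers["X-User-Token"] == @user.authentication_token
  end
end

# Returns [status, action_ran, token_after] for one constructed request.
def run_destroy(filters, signed_in: false)
  user = User.new("u@example.test", "tok123")
  ctrl = SessionsModel.new(user, filters)
  ctrl.sign_in(user) if signed_in
  ctrl.destroy("X-User-Token" => "tok123")
  [ctrl.status, ctrl.action_ran, user.authentication_token]
end
```

Filter order is what decides the outcome: with the guard ahead of the token lookup, the token header is never consulted and the token is left unrotated.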