Practical way to test controller authentication with rspec

Question

I'm wondering if there are better ways to write controller request specs than how I currently do it. I'm using the devise gem for authentication. This is how I'd test an admin controller:

  describe "#index" do
    context "when not logged in" do
      it "redirects to root page" do
        get admin_index_path

        expect(response).to redirect_to root_path
      end
    end

    context "when logged in as an user" do
      before { sign_in user }

      it "redirects to root page" do
        get admin_index_path

        expect(response).to redirect_to root_path
      end
    end

    context "when logged in as an admin" do
      before { sign_in admin }

      it "opens the page" do
        get admin_index_path
        expect(response).to be_success
      end
    end
  end

As you can see there is some "boilerplate" code which repeats over many of my controllers. For controllers which require a user to be logged in, I'd had to write a "not logged in" spec for every controller action. How do you do this? Is there a way to maybe shorten/share the code between the specs? The only thing that changes is the path.

Amit Patel · Accepted Answer

@Linus here is refactored version of your answer

shared_examples "requires login" do |path, user_type|
  context "when not logged in" do
    it "redirects to root path" do
      get public_send("#{path}_path")

      expect(response).to redirect_to root_path
    end
  end

  context "as an #{user_type}" do
    it "redirects to root path" do
      sign_in create(user_type)

      get public_send("#{path}_path")

      expect(response).to redirect_to root_path
    end
  end
end

And use it like

it_behaves_like "requires login", "admin_index", :user for user

it_behaves_like "requires login", "admin_index", :admin for admin

Practical way to test controller authentication with rspec

Answers (2)

Related Questions