Im still trying to figure out rspec and right now I am using authlogic to handle my users and sessions. I did the usual authlogic stuff like adding the def current_user method to applciation controller, and as a helper method, but how do I access that in my rspec controller file?
Here is my user_sessions_controller_spec.rb:
require 'spec_helper'
require 'authlogic'
describe UserSessionsController do
context "user is already logged in" do
before(:each) do
include Authlogic::TestCase
activate_authlogic
UserSession.create Factory.build(:user)
end
it "should redirect the user to the home page" do
get 'new'
response.should redirect_to(home_path)
end
end
describe "#create" do
context "when the user is not logged in" do
before(:each) do
current_user = nil
end
it "correct authorization should create a new session" do
post 'create', {:login => "afactoryuser", :password => "apass", :password_confirmation => "apass"}
current_user.should_not be_nil
end
end
end
end
when i run rspec it just tells me:
correct authorization should create a new session
undefined local variable or method `current_user' for #<RSpec::Core::ExampleGroup::Nested_1::Nested_2::Nested_1:0x000001017d3410>
so im guessing it is in the rspec context...but how do i know it should be in user-sessions_controller? And am I even testing it correctly?
Insted of current_user in your RSpec, try controller.current_user
If you want to stub current_user method use: controller.stub!(:current_user).and_return(whatever) in before :each
block, but then you will always get whatever if you stub it.
Related
I have a situation where I'm writing a custom mutation resolver, and currently have to pass the current_user's ID from my frontend to be able to then perform a ::find on the User model. What would be ideal however, is to be able to use an instance of current_user so that I don't have to rely on passing over an ID to my GraphQL server.
I'm still fairly new to the world of Laravel and GraphQL in general, however I've been reading up on the Lighthouse docs that mention the #auth directive, and other StackOverflow answers that mention using auth('api')->user(), however that returns NULL for me. I should also mention that I'm using the lighthouse-graphql-passport-auth library for dealing with user authentication, if that makes any difference. Does anybody know how to access current_user?
public function __invoke($_, array $args)
{
// $user = \App\Models\User::find($args['id']); <--- not ideal
$user = auth('api')->user(); <--- returns NULL
var_dump($user);
foreach ($user->notifications as $notification) {
$notification->viewed = true;
$notification->save();
}
$notifications = $user->notifications->toArray();
return [
'status' => 'Success',
'notifications' => $notifications
];
}
I found an interesting part in the lighthouse-graphql-passport-auth docs that discuss setting a [global middleware][3] to insert the logged in user into the $context. This was exactly like what I needed, and after adding the line into the middleware section of lighthouse.php config as mentioned in the docs, I was able to use $context->user() to return the currently logged in user.
I am writing a test driven development for my strongloop API code with the help of loopback-testing .
Here they do not have any detailed document on this, so i am stuck with case of argument passing with the API call
Example i have a below case,
Method : PUT
URL : /api/admin/vineyard/<vineyard_id>
i need to pass the below arguments with this URL
1. 'vineyard_id' is a id of vine, it should be an integer .
2. in header = 'token'
3. in body = '{'name':'tastyWine','price':200}'
How can i pass these three arguments with this API ?
I can easily handle ,if there is only two types of arguments
Example :
Method : POST
`/api/user/members/<test_username>/auth'`
arguments : test_username and password
I can handle this like this ,
lt.describe.whenCalledRemotely('POST',
'/api/user/members/'+test_username+'/auth', {
'password': test_passwords
},
But how can i handle the above case , Many thanks for your answers for this example.
I'm not entirely sure what your specific problem is, but I will attempt to walk through everything you should need.
I am assuming you are using the predefined prototype.updateAttributes() method for your model as described here.
Next assumption is that you want to use the built-in authentication and authorization to allow the user to call this method. Given that assumption, you need something like this in your test code:
var vineyard_id = 123; //the id of the test item you want to change
var testUser = {email: 'test#test.com',password: 'test'};
lt.describe.whenCalledByUser(testUser, 'PUT', '/api/admin/vineyard/'+vineyard_id,
{
'name':'tastyWine',
'price':200
},
function () {
it('should update the record and return ok', function() {
assert.equal(this.res.statusCode, 200);
});
}
);
If you are using the out-of-the-box user model, you should be fine, but if you extended the model as is commonly done, you may need something like this early on in your test file:
lt.beforeEach.withUserModel('user');
Also, be aware of a few (currently incomplete) updates to will allow for better handling of built-in model extensions: Suggestions #56, Add support for non-default models #57, and givenLoggedInUser() function throws error #59.
I have the following:
collection_action :new, :method => :post do
begin
user = User.find_by_email(params[:email])
if user
UserPermission.create(:user_id => user.id,
:permission => UserPermission::SUPPORT,
:creator => current_user)
end
rescue ActiveRecord::RecordNotFound
flash[:warn] = 'User not found'
end
redirect_to admin_support_users_path, notice: 'Support user added.'
end
form do |f|
f.inputs do
f.input :email
end
end
action_item only: [:index], :method => :post do
link_to 'Add Support User', new_admin_support_user_path
end
The above works in the sense that no error is thrown. The support users page loads and I'm able to click the Add Support User button. However, 'Support user added.' is immediately shown. The Add Support User button does not take me to a form to enter an email. How do I add/create/use a form that passes an email parameter to my collection_action?
I'm new to activeadmin and documentation is sparse, so any help is appreciated. Thanks.
Figured it out. I'll try to explain as I understand it. And my initial question may have been unclear. The reason I was getting the, 'Support user added.' message is because I was updating the wrong method. The method above should have been the :create controller method, not the :new controller method. :new uses HTTP GET, which is why it would go directly to the redirect. :create accepts an HTTP POST. So, instead, I have the following:
def create
begin
user = User.find_by_email(params[:email])
if user
UserPermission.create(:user_id => user.id,
:permission => UserPermission::SUPPORT,
:creator => current_user)
end
rescue ActiveRecord::RecordNotFound
flash[:warn] = 'User not found'
end
redirect_to admin_support_users_path, notice: 'Support user added.'
end
def new
render 'new.html.arb', :layout => 'active_admin'
end
And this correctly creates a nice looking active admin form, accepting an email parameter.
You just need to add another action--just like a normal resource needs separate actions for create and new. Your 'new' action can render a custom form either inline or in a separate partial, as shown here:
http://www.activeadmin.info/docs/5-forms.html
That said, I'm not sure I understand why you need a custom action. Is this in your User resource file in active admin? If so you can just use the default new user action and include the current user in the form as a hidden variable as the creator. If this is not in your User resource active admin file then you probably need one.
I am trying to pass a segment to a controller. The url is like base_url/controller/function/seg1. I want to ensure that if the user try to enter the segment in the address bar, the controller would make sure there are not other words to be proceeded except the segment I want to pass.
For example, If the user tries to type base_url/main/function/(change this to other words) in address bar, the controller will filter the segment. I am not sure how to do it and would appreciate if someone can help me out.
Okay, so the best way to "secure" against such things would be to simply create a session at the time the user logs into your site with two values stored in that session;
1) Their database primary key id, and
2) a session item called 'logged_in'
At the time that your user would log into your site, you would store those two values like this;
$this->session->set_userdata('logged_in', true);
$this->session->set_userdata('user_id', $id);
Where $id is pulled from their user record during authentication.
Now that you have those in there, the next part would be that, in your controller, you would put an if statement in that checks if the user is logged in, as such;
function show($id) {
if($this->session->userdata('logged_in')) {
$posts = $this->Model_posts->get_user_posts($id);
}
}
Now, in your model, you would create a function for pulling the record that you want the user to be able to view based on their user_id. We'll say user posts for example.
function get_user_posts($user_id, $post_id) {
$sql = "SELECT * FROM posts WHERE user_id = ? AND id = ?";
$binds = array($user_id, $post_id);
$qry = $this->db->query($sql, $binds);
$result = array();
while($row = $qry->result_array()) {
array_push($result, $row);
}
return $result;
}
Now, when a logged in user or visitor tries to access records that don't belong to them, they will not retrieve any records because the select statement limits what's returned only to that user.
The structure you have there is
base_url/controller/action
So, your controller is already "filtering" it out because if you don't have a method/function in the controller (methods = actions) then your controller will trigger a 404 Page Not Found error. Of coarse, you could then handle your errors however you see fit, but from what you presented, the item you wish to filter is known as a controller action.
So for instance;
http://www.base_url.com/users/add
denotes that you wish to call the add (function) in the users controller.
If you want to pass the add action an argument, then you would do this as;
http://www.base_url.com/users/show/1
Where show would be a controller action and 1 would be the id of the user you wish to show.
I know it seems like I'm giving a basic intro to MVC methodologies, but like I said, the structure you showed plays out like I described.
Hope this helps.
I am trying to implement some tests to validate the behavior for Authlogic password resets as explained in http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
I am using Authlogic, Shoulda, Webrat and Factory Girl and here's my test:
require 'test_helper'
class PasswordResetTest < ActionController::IntegrationTest
setup :activate_authlogic
context "A registered user" do
setup do
#reggie = Factory(:reggie)
end
should "not allow logged in users to change password" do
visit signin_path
fill_in 'Email', :with => #reggie.email
fill_in 'Password', :with => #reggie.password
click_button 'Sign In'
assert_equal controller.session['user_credentials'], #reggie.persistence_token
visit change_password_path
assert_equal account_path, path
assert_match /must be logged out/, flash[:notice]
visit signout_path
assert_equal controller.session['user_credentials'], nil
visit change_password_path
assert_equal change_password_path, path
end
should "allow logged out users to change password" do
visit signout_path
assert_equal controller.session['user_credentials'], nil
visit change_password_path
assert_template :new
fill_in 'email', :with => #reggie.email
click_button 'Reset my password'
assert_match /Please check your email/, flash[:notice]
assert !ActionMailer::Base.deliveries.empty?
sent = ActionMailer::Base.deliveries.first
assert_equal [#reggie.email], sent.to
assert_match /Password Reset Instructions/, sent.subject
assert_not_nil #reggie.perishable_token
#TODO
p "Perishable Token #{#reggie.perishable_token}"
assert_match assigns[:edit_password_reset_url], sent.body
end
end
end
In the last 2 lines of the test, I am trying to make sure the link sent out has the right perishable_token and it always comes up different between the printed Perishable Token and the token in the link sent out.
How should I test this behavior?
Thanks, Siva
Careful. Authlogic is magic. Certain operations cause the User object to mutate and when it does, the perishable_token well, perishes (gets regenerated).
I wonder if your visit signout_path is really logging you out. Typically, if your UserSession is RESTful you'd have to issue an HTTP DELETE to the resource to actually delete the session. Just visiting the path (with a GET) won't delete the session unless you have an explicit route for it (mapping e.g. '/logout' to :controller => 'user_sessions', :action => 'destroy')
Change the line in notifier.rb to this:
body :edit_password_resets_url => edit_password_resets_url(user.perishable_token)