RSPEC: How to test that a JSON Web Token is returned by controller action

I am using Devise and JWTs to authenticate users in a project I am writing. I am having a hard time figuring out how to write a useful test to expect a JWT response.body (since each is encrypted).

The only thing I can think of is to test that they are structured as a JWT should be (a 3 segment, '.' delimited string).

Has anyone encountered testing random/hashed returns and come up with a better solution?

describe SessionTokensController, type: :controller do
  let(:current_user) { FactoryGirl.create(:user) }

  before(:each) do
    sign_in current_user
  end

  describe '#create' do
    it 'responds with a JWT' do
      post :create
      token = JSON.parse(response.body)['token']

      expect(token).to be_kind_of(String)
      segments = token.split('.')
      expect(segments.size).to eql(3)
    end
  end
end

It really depends on what exactly you want to test.

If you simply want to test if the returned token exists and is valid you can do the following:

it 'responds with a valid JWT' do
  post :create
  token = JSON.parse(response.body)['token']

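  # key is the secret the controller signs with; RSpec 3 rejects
  # `not_to raise_error(SomeClass)`, so the matcher takes no argument
  expect { JWT.decode(token, key) }.not_to raise_error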
end

Although it seems much more useful to validate the claims that the token includes:

# JWT.decode returns [payload, header]; take the payload to read the claims
let(:claims) { JWT.decode(JSON.parse(response.body)['token'], key).first }

it 'returns a JWT with valid claims' do
  post :create
  expect(claims['user_id']).to eq(123)
end

In the latter example you can validate the exact claims you included in the JWT.
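A three-segment check passes for any dot-delimited string, so the following added example (not from the question or answers, and not the jwt gem's code) uses only the standard library to show what a decode-and-verify assertion checks for an HS256 token. The helper names, key, timestamps and tokens are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example: stdlib-only HS256 helpers (hypothetical names, not the jwt gem).
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def sign_hs256(claims, key)
  input = "#{b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}.#{b64url(JSON.generate(claims))}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, input))}"
end

# Constant-time comparison so the check does not leak where the MACs differ.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims hash; raises ArgumentError unless the token is a
# correctly signed, unexpired HS256 JWT.
def verify_hs256(token, key, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  raise ArgumentError, 'not three segments' unless parts.size == 3
  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  raise ArgumentError, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', key, "#{header_b64}.#{payload_b64}")
  raise ArgumentError, 'bad signature' unless secure_equal?(Base64.urlsafe_decode64(sig_b64), expected)
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  raise ArgumentError, 'expired or missing exp' unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue JSON::ParserError
  raise ArgumentError, 'malformed segment'
end

# True when verification refuses the token, for use in negative assertions.
def rejected?(token, key, now:)
  verify_hs256(token, key, now: now)
  false
rescue ArgumentError
  true
end

# Constructed sample data.
KEY = 'test-only-secret'
NOW = 1_700_000_000
GOOD = sign_hs256({ 'user_id' => 123, 'exp' => NOW + 60 }, KEY)
head, _body, sig = GOOD.split('.')
TAMPERED = [head, b64url(JSON.generate({ 'user_id' => 999, 'exp' => NOW + 60 })), sig].join('.')
EXPIRED = sign_hs256({ 'user_id' => 123, 'exp' => NOW - 1 }, KEY)
```

`TAMPERED` still has three segments, so only the signature check distinguishes it from `GOOD`; a spec that asserts on decoded claims covers both cases.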

    let(:user) { create(:user, password: "123456") }

    describe "POST authenticate_user" do
      context "with a valid password" do
        it "authenticates successfully" do
          post :authenticate_user, params: { email: user.email, password: "123456" }, format: :json
          parsed_body = JSON.parse(response.body)
          expect(parsed_body.keys).to match_array(["auth_token", "user"])
          expect(parsed_body['user']['email']).to eql("joe@gmail.com")
          expect(parsed_body['user']['id']).to eql(user.id)
        end
      end

      context "with an invalid password" do
        it "authentication fails" do
          post :authenticate_user, params: { email: user.email, password: "123456789" }, format: :json
          parsed_body = JSON.parse(response.body)
          expect(parsed_body['errors'][0]).to eql("Invalid Username/Password")
        end
      end
    end
