如何测试Rails使用RSpec在RESTful API中使用令牌身份验证设置登录?
[英]How to test Rails devise login with token auth in a RESTful API with RSpec?
问题描述
I built a RESTful API using Ruby on Rails and am now at the point of only letting authenticated users make requests. 
我使用Ruby on Rails构建了一个RESTful API,现在我只是让经过身份验证的用户发出请求。 Therefore I implemented an ApiController: 因此我实现了一个ApiController:
class ApiController < ApplicationController
include DeviseTokenAuth::Concerns::SetUserByToken
before_action :authenticate_api_v1_user!
end
I use a React client that sends the required auth headers with every request. 我使用React客户端,每次请求都会发送所需的auth标头。 It all works well so far. 到目前为止一切运作良好。 Only that I have problems simulating the login in my request specs. 只有我在我的请求规范中模拟登录时遇到问题。
In theory, I would create a user and log them in. But how do I send the token along with the request? 从理论上讲,我会创建一个用户并将其登录。但是如何将令牌与请求一起发送?
describe 'Items API', type: :request do
# initialize test data
let!(:user) { create(:user) }
let!(:items) { create_list(:item, 10) }
# Test suite for GET /api/v1/items
describe 'GET /api/v1/items' do
# make HTTP get request before each example
before { get '/api/v1/items' }
it 'returns items' do
expect(json).not_to be_empty
expect(json.size).to eq(10)
end
it 'returns status code 200' do
expect(response).to have_http_status(200)
end
end
...
end
The crucial part of the request is the request cookie: 请求的关键部分是请求cookie:
authHeaders {
"access-token":"sMKTl2Zx_8S5f12ydhSaPw",
"token-type":"Bearer",
"client":"rzarzdBXCv2SsS9XvYMLVA",
"expiry":"1546427742",
"uid":"104006675969015609263"
}
It is sent along with the request. 它随请求一起发送。
3 个解决方案
解决方案1
1 2018-12-20 13:21:21
Not sure, but one work around could be to sign in user and then add auth token to the header params. 不确定,但一个解决办法可能是登录用户,然后将auth令牌添加到标题参数。
Module AuthSpecHelper
def auth_spec_request(user)
request.headers.merge!(user.create_new_auth_token) if sign_in(user)
end
end
解决方案2
1 2018-12-24 09:18:54
I found this on the Devise Wiki: How To: sign in and out a user in Request type specs (specs tagged with type: :request) 我在Devise Wiki上找到了这个: 如何:在请求类型规范中登录和注销用户(使用type :: request标记的规范)
...but a simpler approach is to just:
spec/rails_helper.rb
RSpec.configure do |config| # ... config.include Devise::Test::IntegrationHelpers, type: :request endAnd just use
sign_inin your request spec.sign_in。This is the equivalent of declaring
include Devise::Test::IntegrationHelpersin an system/feature spec or Rails system/controller test.include Devise::Test::IntegrationHelpers。
解决方案3
0 2018-12-17 18:08:03
You can add headers to the get request, like so: 您可以向get请求添加标头,如下所示:
get 'path', params: {...}, headers: {...}
https://api.rubyonrails.org/classes/ActionDispatch/Integration/RequestHelpers.html#method-i-get https://api.rubyonrails.org/classes/ActionDispatch/Integration/RequestHelpers.html#method-i-get
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.