Devise Signin Testing with RSpec for API

Question

      authenticate_with_http_token do |token, options|
    auth_key = AuthKey.find_by(authentication_token: token)
    if auth_key.present?
      if auth_key.token_valid?
        auth_key.touch
        sign_in(:user, auth_key.user, store: false, bypass: false) unless current_user.present?
      else
        render json: { message: t('invalid_otp_access'), errors: [t('token_expired')] }, status: 401 and return
      end
    else
      render json: { message: t('invalid_access_message'), errors: [t('invalid_access')] }, status: 401 and return
    end
  end

i need to write spec for the above code, in my controller i am using current_user.

My controller looks like below.

  def index
schedules = params[:type] == "upcoming" ? :upcoming : :past
schedules = current_user.audit_schedules.send(schedules)
if schedules.present?
  paginate json: schedules, per_page:10, root: false, each_serializer: Api::V1::MyAuditSerializer
else
  render json: { message: t('.no_audits_scheduled'), errors: [] }
end
end

and i am trying to test my index with passing valid token and params

context "with invalid attributes" do
  it "It will return list of audits" do
    request.headers["Authorization"] = "Token #{auth_key.authentication_token}"
    @request.env["devise.mapping"] = Devise.mappings[:user]
    get :index, { params: { type: "upcoming" } }
    expect(response.body).to eq 200
  end
end

the above spec returning body like

<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>

And in my spec helper i included devise helpers like

  config.include Devise::TestHelpers, type: :controller

If i remove that helper current_user is always nil. if i add that helper it is redirecting like above, please let me know what i missed and how can i test those spec.

Answer 1

I think you want user_signed_in? vs. current_user.present? . This doesn't fix the problem.

You're sure user is not null? and that the user has been confirmed if you're using confirmable?

Digging through the code, I see this: if options[:bypass] warden.session_serializer.store(resource, scope) elsif warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. true else warden.set_user(resource, options.merge!(scope: scope)) end if options[:bypass] warden.session_serializer.store(resource, scope) elsif warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. true else warden.set_user(resource, options.merge!(scope: scope)) end if options[:bypass] warden.session_serializer.store(resource, scope) elsif warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. true else warden.set_user(resource, options.merge!(scope: scope)) end source: https://github.com/hassox/warden/blob/906edf86c6c31be917a921097031b89361d022e8/lib/warden/proxy.rb

You can try adding :force which should force the setting of the user.