0

You can't do anything in my Rails application (aside from hitting the landing page) without logging in. I've been spending a lot of time getting authentication to work (Devise in my controller specs and Warden in my feature specs).

Am I going down the right path? It kind of feels wrong since I want to test my controllers themselves... not necessarily repeating authentication testing over and over (aside from explicitly testing authentication in my User controller).

What are the best practices? Do you explicitly authenticate everywhere or do you fake auth somehow and focus on your individual controller/feature specs without authentication?

Community
  • 1
  • 1
RobertJoseph
  • 7,968
  • 12
  • 68
  • 113

1 Answers1

1

It kind of feels wrong since I want to test my controllers themselves... not necessarily repeating authentication testing over and over (aside from explicitly testing authentication in my User controller).

That's why Devise provides its own test helpers for testing controllers. You don't need to test your authorization code every time, you just need a helper that will authorize user in your tests.

Minimal setup:

rails_helper.rb

require 'spec_helper'
require 'rspec/rails'
# note: require 'devise' after require 'rspec/rails'
require 'devise'

RSpec.configure do |config|
  config.include Devise::TestHelpers, :type => :controller
end

Then, in your controller specs:

# in case you use FactoryGirl, if you don't, just create your models as you like
let(:current_user) { FactoryGirl.create(:user) } 
before do
  # this line is needed for testing Devise controllers
  @request.env["devise.mapping"] = Devise.mappings[:user]
  sign_in current_user
end
Alexey Shein
  • 7,342
  • 1
  • 25
  • 38