Add a signed method to ActiveSupport::TestCase

Open kevintyll opened this issue 10 years ago • 4 comments

When api_auth is used for authentication, you can no longer write controller tests without mocking or stubbing your authenticate method, but this may hide some bugs or unexpected behavior and short circuits the security layer of your API.

You can't sign the request directly in your test before you call your action, because headers aren't set yet, so authentication will still fail.

I've added a signed method that accepts the access_id and secret_key as parameters and will sign the request after the headers have been set. I modeled it after the xhr method, so you have to pass the verb as well.

              should 'have access to teams in other organizations' do
                team = create(:team)
                api_key = create(:api_key, role) # This creates a user with the passed-in role and an access_id and secret_key that belong to that user. This is an application detail your app must implement.

                signed :get, :index, api_key.access_id, api_key.secret_key, format: :json

                assert_response :success
              end

kevintyll avatar Apr 08 '15 15:04 kevintyll
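
The ordering problem described in the post above, as an added example that is not part of the original issue or of api_auth's code: a simplified model of HMAC request signing in which a request signed before its headers are set fails verification. The canonical string layout, the header format, the helper names and the credentials are assumptions constructed for this sketch.

```ruby
require "openssl"
require "base64"
require "time"

SECRETS = { "1044" => "constructed-secret" }.freeze # constructed credentials
DATE = Time.utc(2015, 4, 8, 15, 4).httpdate         # fixed so runs are repeatable

# Assumed canonical layout for this sketch: METHOD,content-type,content-MD5,URI,date
def canonical_string(verb, uri, headers)
  [verb.to_s.upcase, headers["Content-Type"], headers["Content-MD5"], uri, headers["Date"]].join(",")
end

def signature(secret, canonical)
  Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, canonical))
end

# Client side: the signature covers whatever the headers contain right now.
def sign!(headers, verb, uri, access_id, secret)
  headers["Authorization"] = "APIAuth #{access_id}:#{signature(secret, canonical_string(verb, uri, headers))}"
  headers
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: recompute the signature from the headers actually received.
def authentic?(headers, verb, uri)
  match = /\AAPIAuth ([^:]+):(.+)\z/.match(headers["Authorization"].to_s)
  secret = match && SECRETS[match[1]]
  return false unless secret
  secure_equal?(signature(secret, canonical_string(verb, uri, headers)), match[2])
end

# Signing in the test body, before the framework has filled in the headers.
def signed_before_headers
  headers = sign!({}, :get, "/teams.json", "1044", SECRETS["1044"])
  headers.merge!("Content-Type" => "application/json", "Date" => DATE)
  authentic?(headers, :get, "/teams.json")
end

# Signing as the last step, once every signed header has its final value.
def signed_after_headers
  headers = { "Content-Type" => "application/json", "Date" => DATE }
  authentic?(sign!(headers, :get, "/teams.json", "1044", SECRETS["1044"]), :get, "/teams.json")
end

puts "signed before headers set: #{signed_before_headers}"
puts "signed after headers set:  #{signed_after_headers}"
```
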

> When api_auth is used for authentication, you can no longer write controller tests without mocking or stubbing your authenticate method, but this may hide some bugs or unexpected behavior and short circuits the security layer of your API.

I can see why you don't want to "short-circuit the security layer" but what about stubbing the authenticate method in controller specs and using request specs for an end-to-end test including authentication?

awendt avatar Apr 08 '15 18:04 awendt

Also, ActiveSupport::TestCase doesn't seem to ship with Rails 2.3 which we're still testing against.

awendt avatar Apr 08 '15 18:04 awendt

> what about stubbing the authenticate method in controller specs and using request specs for an end-to-end test including authentication?

Wouldn't the request spec have the same problem of signing the request? Where would it get signed in the request spec? I'll commit a fix for rails 2.3.2.

kevintyll avatar Apr 08 '15 19:04 kevintyll

Any update on this?

jrgifford avatar Feb 23 '17 18:02 jrgifford