Struggling with rspec test

[francescor]

Hi, thanks for your great work!
I migrated from Devise for the JWT feature (and i found here a lot of new great possibilities)

everything works well but I am struggling with

• rspec testing (the login with user from fixtures)
• rswag-ui authorization with JWT

can you address me to some related documentation? thanks

[janko]

Hi, you're welcome!

rspec testing (the login with user from fixtures)

Have you seen this wiki page? Rodauth doesn't currently have any testing helpers (aside for light controller test support), so you typically just have to make requests, and in your case forward the JWT token in the Authorization header.

rswag-ui authorization with JWT

You'd just use routing constraints, regardless of whether it's JWT or session cookie authentication:

# config/routes.rb
Rails.application.routes.draw do
  constraints Rodauth::Rails.authenticate do
    mount Rswag::Ui::Engine, at: "/..."
  end
end

[francescor]

Hi, sorry I realized only now you answered me right away, thanks!

I've fixed the rswag-ui

# spec/swagger_helper.rb
Rswag::Helpers::SecurityScheme.defaults = :bearer_jwt
  config.swagger_docs = {
    'v1/swagger.yaml' => {
      openapi: '3.0.1',
      security: [Rswag::Helpers::SecurityScheme.security],
...

and

# app/misc/rodauth_main.rb
    enable :login, :logout, :remember, :jwt, :internal_request

Then I created the login API for /login, so now in rswag ui I hit login, the response return an authorization: token that I copy and enter it in the rswag ui "Authorize".

So, that is done, thanks.

Now I have all previous running rspec tests that do not work anymore: they are all something like this one:

require 'rails_helper'
  
  RSpec.describe CalendarController, type: :controller do
    fixtures :users, :roles, :users_roles
  
    before do
      sign_in users(:admin)
    end
  
    describe "GET #index" do
      it "returns http success" do
        get :index
        expect(response).to have_http_status(:success)
      end
    end
  end

The "sign_in" methods was provided by a test helper by Devise, so now I have to write it myself, and I am not able.

As you said, and as rswag-ui is doing, I have to add to the header of every request the JWT token

Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxx

I can somehow add the token to the header with something like https://stackoverflow.com/questions/42326434/how-to-do-request-spec-for-jwt-authenticate-app-using-rspec but I do not know how to get the token with rodauth: I am sure for you is something pretty basic, but I am not able :(

[janko]

For controller specs, try this:

RSpec.configure do |config|
  config.include Rodauth::Rails::Test::Controller, type: :controller
end

before do
  sign_in users(:admin)
end

def sign_in(account)
  @controller.rodauth.account_from_login(account.email)
  @controller.rodauth.login_session("password")
end

[francescor]

Oh, super, thank you so much!!!

I found this pretty dirty solution

#spec/controllers/customers_controller_spec.rb
    before do
       authenticated_header request, users(:admin)
    end

with

# spec/rails_helper.rb

  def authenticated_header(request, user)
    payload = { account_id: user.id, authenticated_by: ["password"] }
    token = JWT.encode payload, 'MYSECRET', 'HS256'
    request.headers.merge!(Authorization: "Bearer #{token}")
  end

but with your config.include Rodauth::Rails::Test::Controller, type: :controller is much much better!

[francescor]

so, with your help I've solved the rspec tests type: :controller

as for the type: :request I've had it working with

# spec/requests/customers_spec.rb
 require 'rails_helper'
  
  RSpec.describe "Customers", type: :request do
    fixtures :users, :roles, :users_roles
    let(:authorization_header) { authorization_header_for_user users(:admin) }
  
    describe "GET /customers" do
      it "responds to index page" do
        get customers_path, headers: authorization_header
        expect(response).to have_http_status(:ok)
      end
    end
...

with

#spec/rails_helper.rb
  def authorization_header_for_user(user)
    { 'Authorization' => "Bearer #{generate_token(user)}" }
  end

 def generate_token(user)
    payload = { account_id: user.id, authenticated_by: ["password"] }
    JWT.encode payload, 'MY_SECRET', 'HS256'
  end

maybe here too I can use some of your methods?

[janko]

Yeah, that's a good way to do it as well. Generating JWT tokens like this is also what we do in our application tests, which doesn't use Rodauth.