Igg*_*ggy 6 rspec ruby-on-rails http-status-code-302 rails-api
我已经在这个问题上停留了几天,但我不知道这是怎么回事。几个月前,我开始使用Ruby on Rails,目前正在学习API的身份验证。我已经在其他类似的主题看上去这里和那里,但没有他们的帮助。
我的问题是,无论何时我在此代码上运行RSpec(位于spec/api/v1/controllers/posts_controller_spec.rb)
require 'rails_helper'
RSpec.describe Api::V1::PostsController, type: :controller do
let(:my_user) { create(:user) }
let(:my_topic) { create(:topic) }
let(:my_post) { create(:post, topic: my_topic, user: my_user) }
context "unauthenticated user" do
it "PUT update returns http unauthenticated" do
put :update, topic_id: my_topic.id, id: my_post.id, post: {title: my_post.title, body: my_post.body}
expect(response).to have_http_status(401)
end
...
我不断
...
spec/api/v1/controllers/posts_controller_spec.rb -e "unauthenticated user"
Run options: include {:full_description=>/unauthenticated\ user/}
FFF
Failures:
1) PostsController unauthenticated user PUT update returns http unauthenticated
Failure/Error: expect(response).to have_http_status(401)
expected the response to have status code 401 but it was 302
# ./spec/api/v1/controllers/posts_controller_spec.rb:12:in `block (3 levels) in <top (required)>'
如果有帮助,我的控制器app/controllers/api/v1/posts_controller_spec.rb有
class Api::V1::PostsController < Api::V1::BaseController
before_action :authenticate_user, except: [:index, :show]
before_action :authorize_user, except: [:index, :show]
def update
post = Post.find(params[:id])
if post.update_attributes(post_params)
render json: post.to_json, status: 200
else
render json: {error: "Post update failed", status: 400}, status: 400
end
end
...
我的base_controller
class Api::V1::BaseController < ApplicationController
skip_before_action :verify_authenticity_token
rescue_from ActiveRecord::RecordNotFound, with: :not_found
rescue_from ActionController::ParameterMissing, with: :malformed_request
def authenticate_user
authenticate_or_request_with_http_token do |token, options|
@current_user = User.find_by(auth_token: token)
end
end
def authorize_user
unless @current_user && @current_user.admin?
render json: {error: "Not Authorized", status: 403}, status: 403
end
end
def malformed_request
render json: {error: "The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.", status: 400}, status: 400
end
def not_found
render json: {error: "Record not found", status: 404}, status: 404
end
end
最后,routes.rb显示:
namespace :api do
namespace :v1 do
resources :users, only: [:index, :show, :create, :update]
resources :topics, except: [:edit, :new] do
resources :posts, only: [:update, :create, :destroy]
end
end
end
我很想知道我的before_action是罪魁祸首,但是我无法指出我做错了什么。我使用类似的RSpec测试和我的Topic RSpec通过对主题(帖子嵌套在主题中)进行了类似的操作,而我的帖子RSpec失败了。
有人可以帮我指出我做错了什么,如何通过RSpec测试并且不显示302状态代码?
另外,为什么显示302状态码?
问题是你正在使用
before_action :authenticate_user, except: [:index, :show],可能是 Devise 的帮手,对吧?如果是这样,当您尝试在未登录的情况下访问资源时,此帮助程序会将您重定向到登录页面,这是您在使用浏览器时期望发生的情况,但您的情况并非如此。您可以找到一些替代方案,覆盖 Devise 行为,我的解决方案是定义我的authenticate_user!方法,以便在用户未登录时返回 401,使用另一个 devise 辅助方法,如下所示:
def authenticate_user!
if user_signed_in?
@user = current_user
else
head :unauthorized
end
end
这是对我有用的情况,你的可能会有所不同。
| 归档时间: |
|
| 查看次数: |
1476 次 |
| 最近记录: |