rspec ruby-on-rails-5.2 http-token-authentication

Tests for signing in User using token and SimpleTokenAuthentication failing because SimpleTokenAuthentication not signing in user


Rails 5.2 gem: SimpleTokenAuthentication

I have the following controller:

class RegistrationsController < ApplicationController
  acts_as_token_authentication_handler_for User, only: [:start]

  def start
    binding.pry
    if user_signed_in?
      redirect_to edit_user_path(current_user)
    else
      redirect_to new_user_session_path
    end
  end
end

I have a page with a link with the user_email and user_token parameters filled with the appropriate data.

When I click the link, the acts_as_token_authentication_handler_for User signs in the user if the token is valid and the email belongs to a user in the database.

However, when I try to run a simple RSpec test I get an internal server error.

Here is the RSpec test:

RSpec.describe 'Registering New Staff' do
  let(:new_user) { create(:user) }

  describe 'accessing the registration start page' do
    it 'redirects to the edit user path when user signed in' do
      # The token and email travel as query parameters on the link
      params = { user_email: new_user.email, user_token: new_user.authentication_token }
      get start_registration_path(params)
      expect(response).to redirect_to(edit_user_path(new_user))
    end
  end
end

Here is the error I get:

  Failure/Error: expect(response).to redirect_to(edit_user_path(new_user))
       Expected response to be a <3XX: redirect>, but was a <500: Internal Server Error>

It seems that there is something going wrong with the sign in process with acts_as_token_authentication_handler_for but I can't figure it out.

Any help appreciated.


Solution

  • In the end I wound up not using SimpleTokenAuthentication and used my own code as follows:

    class RegistrationsController < ApplicationController 
      before_action :authenticate_user_from_token!, only: [:start]
    
      def preview
      end
    
      def start
        authorize :registration
        if user_signed_in?
          redirect_to edit_user_path(current_user)
        else
          raise Pundit::NotAuthorizedError
        end
      end
    
      def calendar
        authorize :registration
      end
    
      def confirmation
        authorize :registration
        current_user.register
      end
    
    
      private
    
      def authenticate_user_from_token!
        sign_out current_user if user_signed_in?
        if user && Devise.secure_compare(user.authentication_token, params[:user_token])
          sign_in user 
          @current_user = user
          renew_authentication_token
        end
      end
    
      def user
        @user ||= User.find_by(email: params[:user_email])
      end
    
      def renew_authentication_token
        current_user.renew_authentication_token!
      end
    
    end
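
The check in authenticate_user_from_token! above, reduced to plain Ruby so its edge cases can be run outside Rails. This is an added example, not code from the original post: the User struct, the in-memory lookup, secure_compare (modelled on Devise.secure_compare) and the sample addresses are assumptions made for illustration.

```ruby
require "securerandom"
require "openssl"

# Hypothetical in-memory stand-in for the User model (not ActiveRecord).
User = Struct.new(:email, :authentication_token) do
  def renew_authentication_token!
    self.authentication_token = SecureRandom.urlsafe_base64(24)
  end
end

# Constant-time comparison modelled on Devise.secure_compare: nil, empty or
# length-mismatched values are rejected before any bytes are compared.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.empty? || b.empty?
  return false unless a.bytesize == b.bytesize
  OpenSSL.fixed_length_secure_compare(a, b)
end

# Same flow as authenticate_user_from_token!: look up by email, compare the
# token, and rotate it on success so the link cannot be replayed.
def authenticate_from_token(users, params)
  user = users[params[:user_email]]
  return nil unless user && secure_compare(user.authentication_token, params[:user_token])
  user.renew_authentication_token!
  user
end

# Runs the cases against constructed sample users; true means "signed in".
def demo
  staff = User.new("staff@example.test", SecureRandom.urlsafe_base64(24))
  users = { staff.email => staff,
            "notoken@example.test" => User.new("notoken@example.test", nil) }
  link = { user_email: staff.email, user_token: staff.authentication_token }
  attempt = ->(params) { !authenticate_from_token(users, params).nil? }
  {
    first_use: attempt.(link),
    replay: attempt.(link), # same link again, after the token was rotated
    # Stored token is nil and no token is sent: a plain == would match here.
    nil_token: attempt.({ user_email: "notoken@example.test" }),
    missing_token: attempt.({ user_email: staff.email }),
    unknown_user: attempt.({ user_email: "nobody@example.test", user_token: "abc" })
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

Only the first use of the link signs the user in; the replay and the nil-token case are both rejected.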