过滤器链停止为:doorkeeper_authorize!呈现或重定向 [英] Filter chain halted as :doorkeeper_authorize! rendered or redirected
问题描述
这是如何在rspec中集成应用程序:
let (:app_country){FactoryGirl.create(:app_country)}
let(:valid_attributes){FactoryGirl.attributes_for(:app_city,{:app_country_id => app_country.id})}
let(:valid_session ){{:format => :json}}
let(:application){Doorkeeper :: Application.create!(:name =>App HQ dashboard,:redirect_uri =>https:// localhost:3000 / callback)}
let(:hq_user){app_country.hq_users.create!(FactoryGirl.attributes_for:hq_user)}
let(:token){Doorkeeper :: AccessToken.create! :application_id => application.id,:resource_owner_id => hq_user.id}
但是每次我尝试测试一个受保护的动作,测试失败,我得到控制台的以下输出:
过滤器链停止为:doorkeeper_authorize!渲染或重定向
完成403禁用在5ms(ActiveRecord:1.2ms)
这是工作罚款与以前版本的看门人。当我升级了门卫宝石时,测试就爆了。我究竟做错了什么?还是有一种新的方式来测试守门员保护的控制器?
更新
以下是实际的测试样本
描述POST创建do
描述有效参数do
它创建一个新的AppCitydo
expect {
post :create,{:app_city => valid_attributes,:v => HEAD,:payload_type => NODE,:access_token => token.token},valid_session
} .to更改(AppCity,:count).by(1)
end
它持续AppCitydo
post :create,{:app_city => valid_attributes,:v => HEAD,:access_token => token.token},valid_session
response_body = JSON.parse(response.body,symbolize_names:true)
expect(response_body [:id])。to beresent
end
它返回201状态do
post:create,{:app_city => valid_attributes,:v => HEAD,:access_token => token.token},valid_session
response.status.should eq(201)
end
end
描述with invalid paramsdo
it返回验证错误消息do
post:create,{:app_city => {name=> },:v => HEAD,:access_token => token.token},valid_session
response_body = JSON.parse(response.body,symbolize_names:true)
expect(response_body [:name])包含不能为空
结束
它返回一个422状态do
post:create,{:app_city => {name=> },:v => HEAD,:access_token => token.token},valid_session
response.status.should eq(422)
end
end
end
我终于找到了问题。我收到一个 403 Forbidden
,因为我发送的请求范围不足。我在doorkeeper.rb中定义了以下范围
#为您的提供商定义访问令牌范围
#有关详细信息转到https://github.com/applicake/doorkeeper/wiki/Using-Scopes
default_scopes:public
optional_scopes:write,:update
对于我的规格再次传递,我不得不指定哪些操作需要一个特定的访问令牌范围,例如:
class Api :: V1 :: ProductsController< Api :: V1 :: ApiController
before_action - > {doorkeeper_authorize! :public},仅::index
仅限before_action:[:create,:update,,destroy] do
doorkeeper_authorize! :admin,写
end
end
我最初只有code> before_action:doorkeeper_authorize !, except:[:index,:show] 。我需要做的是在上定义
,:写入
和:update
范围:create :更新
和:destroy
操作。或者完全取消范围。
我也使用CanCanCan,所以我猜这个范围在我的情况下应该是多余的。
I am building a Rails API and am currently using doorkeeper and devise to authenticate users with the ResourceOwnerFromCredentials flow. All works fine however, I cannot get the authentication to work in Rspec.
Here is how am integrating the app in rspec:
let(:app_country) { FactoryGirl.create(:app_country)}
let(:valid_attributes) { FactoryGirl.attributes_for(:app_city, {:app_country_id => app_country.id}) }
let(:valid_session) { {:format => :json} }
let(:application) { Doorkeeper::Application.create!(:name => "App HQ dashboard", :redirect_uri => "https://localhost:3000/callback") }
let(:hq_user) { app_country.hq_users.create!(FactoryGirl.attributes_for :hq_user) }
let(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => hq_user.id }
But each time I try to test a protected action, the tests fail and I get the following output from the console:
Filter chain halted as :doorkeeper_authorize! rendered or redirected
Completed 403 Forbidden in 5ms (ActiveRecord: 1.2ms)
This was working fine with the previous version of doorkeeper. The tests broke when I upgraded the doorkeeper gem. What am I doing wrong? Or is there a new way of testing doorkeeper protected controllers?
UPDATE
Below is an actual test sample
describe "POST create" do
describe "with valid params" do
it "creates a new AppCity" do
expect {
post :create, {:app_city => valid_attributes, :v => "HEAD", :payload_type => "NODE", :access_token => token.token}, valid_session
}.to change(AppCity, :count).by(1)
end
it "persists the AppCity" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:id]).to be_present
end
it "returns a 201 status" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(201)
end
end
describe "with invalid params" do
it "returns validation error message" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:name]).to include "can't be blank"
end
it "returns a 422 status" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(422)
end
end
end
I finally found the problem. I was getting a 403 Forbidden
because my I was sending a request with insufficient scope. I had defined the following scopes in doorkeeper.rb
# Define access token scopes for your provider
# For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
default_scopes :public
optional_scopes :write, :update
For my specs to pass again I had to specify which actions required a specific access token scope e.g:
class Api::V1::ProductsController < Api::V1::ApiController
before_action -> { doorkeeper_authorize! :public }, only: :index
before_action only: [:create, :update, :destroy] do
doorkeeper_authorize! :admin, :write
end
end
I initially only had before_action :doorkeeper_authorize!, except: [:index, :show]
. What I needed to do was define the :write
and :update
scopes on the :create
, :update
and :destroy
actions. Or alternatively do away with the scopes completely.
I am also using CanCanCan so I guess the scopes should be redundant in my case.
这篇关于过滤器链停止为:doorkeeper_authorize!呈现或重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!