1. 首页
  2. 问答
  3. 如何使用RSpec为JWT身份验证应用程序请求规范

如何使用RSpec为JWT身份验证应用程序请求规范

2017-02-19 56 views
4

我有一个Rails 5 API唯一的应用程序,并使用敲击来进行JWT身份验证。如何使用RSpec为JWT身份验证应用程序请求规范

完成模型和模型规范后,我开始执行请求规范。

但我不知道如何完成以正确的方式要求规范内部认证,

我的用户控制器,

module V1 
    class UsersController < ApplicationController 
    before_action :authenticate_user, except: [:create] 
    end 
end

应用控制器,

class ApplicationController < ActionController::API 
    include Knock::Authenticable 
    include ActionController::Serialization 
end

我的愚蠢解决方案(也称获得令牌请求,其余请求之前得到JWT),

context 'when the request contains an authentication header' do 
    it 'should return the user info' do 
    user = create(:user) 
    post '/user_token', params: {"auth": {"email": user.email, "password": user.password }} 
    body = response.body 
    puts body # {"jwt":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0ODgxMDgxMDYsInN1YiI6MX0.GDBHPzbivclJfwSTswXhDkV0TCFCybJFDrjBnLIfN3Q"} 
    # use the retrieved JWT for future requests 
    end 
end

任何建议表示赞赏。

来源

2017-02-19 Xinyang Li

回答

4 
def authenticated_header(user) 
    token = Knock::AuthToken.new(payload: { sub: user.id }).token 
    { 'Authorization': "Bearer #{token}" } 
    end 

    describe 'GET /users?me=true' do 
    URL = '/v1/users?me=true' 
    AUTH_URL = '/user_token' 

    context 'when the request with NO authentication header' do 
     it 'should return unauth for retrieve current user info before login' do 
     get URL 
     expect(response).to have_http_status(:unauthorized) 
     end 
    end 

    context 'when the request contains an authentication header' do 
     it 'should return the user info' do 
     user = create(:user) 

     get URL, headers: authenticated_header(user) 
     puts response.body 
     end 
    end 
    end

来源

2017-02-19 11:37:15

0

在李信阳的回答帮助下,我能够实现类似于我的请求规范的东西。在此共享,供其他人查看备用实施。

# spec/requests/locations_spec.rb 
require 'rails_helper' 

RSpec.describe 'Locations API' do 
    let!(:user) { create(:user) } 
    let!(:locations) { create_list(:location, 10, user_id: user.id) } 

    describe 'GET /locations' do 
    it 'reponds with invalid request without JWT' do 
     get '/locations' 
     expect(response).to have_http_status(401) 
     expect(response.body).to match(/Invalid Request/) 
    end 

    it 'responds with JSON with JWT' do 
     jwt = confirm_and_login_user(user) 
     get '/locations', headers: { "Authorization" => "Bearer #{jwt}" } 
     expect(response).to have_http_status(200) 
     expect(json.size).to eq(10) 
    end 
    end 
end

confirm_and_login_user(user)是在其中在rails_helper.rb包括作为模块request_spec_helper定义:

# spec/support/request_spec_helper.rb 

module RequestSpecHelper 
    def json 
    JSON.parse(response.body) 
    end 

    def confirm_and_login_user(user) 
    get '/users/confirm', params: {token: user.confirmation_token} 
    post '/users/login', params: {email: user.email, password: 'password'} 
    return json['auth_token'] 
    end 
end

我使用JWT宝石为如本SitePoint教程中描述生成我的令牌(https://www.sitepoint.com/introduction-to-using-jwt-in-rails/

来源

2017-02-24 23:52:27 quicklikerabbit

相关问题

 相关问题