过滤器链停止为:doorkeeper_authorize!呈现或重定向
Filter chain halted as :doorkeeper_authorize! rendered or redirected
我正在构建一个 Rails API,目前正在使用门卫和设计来使用 ResourceOwnerFromCredentials 流程对用户进行身份验证。一切正常,但是,我无法在 Rspec 中进行身份验证。
以下是如何在 rspec 中集成该应用程序:
let(:app_country) { FactoryGirl.create(:app_country)}
let(:valid_attributes) { FactoryGirl.attributes_for(:app_city, {:app_country_id => app_country.id}) }
let(:valid_session) { {:format => :json} }
let(:application) { Doorkeeper::Application.create!(:name => "App HQ dashboard", :redirect_uri => "https://localhost:3000/callback") }
let(:hq_user) { app_country.hq_users.create!(FactoryGirl.attributes_for :hq_user) }
let(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => hq_user.id }
但是每次我尝试测试受保护的操作时,测试都会失败,并且我从控制台得到以下输出:
Filter chain halted as :doorkeeper_authorize! rendered or redirected
Completed 403 Forbidden in 5ms (ActiveRecord: 1.2ms)
这在以前版本的 doorkeeper 上运行良好。当我升级 doorkeeper gem 时,测试失败了。我究竟做错了什么?或者是否有一种新的方法来测试受门卫保护的控制器?
更新
下面是实际测试样本
describe "POST create" do
describe "with valid params" do
it "creates a new AppCity" do
expect {
post :create, {:app_city => valid_attributes, :v => "HEAD", :payload_type => "NODE", :access_token => token.token}, valid_session
}.to change(AppCity, :count).by(1)
end
it "persists the AppCity" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:id]).to be_present
end
it "returns a 201 status" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(201)
end
end
describe "with invalid params" do
it "returns validation error message" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:name]).to include "can't be blank"
end
it "returns a 422 status" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(422)
end
end
end
终于找到问题了。我收到 403 Forbidden 是因为我发送的请求范围不足。我在 doorkeeper.rb
中定义了以下范围
# Define access token scopes for your provider
# For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
default_scopes :public
optional_scopes :write, :update
为了让我的规范再次通过,我必须指定哪些操作需要特定的访问令牌范围,例如:
class Api::V1::ProductsController < Api::V1::ApiController
before_action -> { doorkeeper_authorize! :public }, only: :index
before_action only: [:create, :update, :destroy] do
doorkeeper_authorize! :admin, :write
end
end
我最初只有 before_action :doorkeeper_authorize!, except: [:index, :show]。我需要做的是在 :create、:update 和 :destroy 操作上定义 :write 和 :update 范围。或者完全取消作用域。
我也在使用 CanCanCan,所以我想在我的情况下范围应该是多余的。
我正在构建一个 Rails API,目前正在使用门卫和设计来使用 ResourceOwnerFromCredentials 流程对用户进行身份验证。一切正常,但是,我无法在 Rspec 中进行身份验证。
以下是如何在 rspec 中集成该应用程序:
let(:app_country) { FactoryGirl.create(:app_country)}
let(:valid_attributes) { FactoryGirl.attributes_for(:app_city, {:app_country_id => app_country.id}) }
let(:valid_session) { {:format => :json} }
let(:application) { Doorkeeper::Application.create!(:name => "App HQ dashboard", :redirect_uri => "https://localhost:3000/callback") }
let(:hq_user) { app_country.hq_users.create!(FactoryGirl.attributes_for :hq_user) }
let(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => hq_user.id }
但是每次我尝试测试受保护的操作时,测试都会失败,并且我从控制台得到以下输出:
Filter chain halted as :doorkeeper_authorize! rendered or redirected
Completed 403 Forbidden in 5ms (ActiveRecord: 1.2ms)
这在以前版本的 doorkeeper 上运行良好。当我升级 doorkeeper gem 时,测试失败了。我究竟做错了什么?或者是否有一种新的方法来测试受门卫保护的控制器?
更新
下面是实际测试样本
describe "POST create" do
describe "with valid params" do
it "creates a new AppCity" do
expect {
post :create, {:app_city => valid_attributes, :v => "HEAD", :payload_type => "NODE", :access_token => token.token}, valid_session
}.to change(AppCity, :count).by(1)
end
it "persists the AppCity" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:id]).to be_present
end
it "returns a 201 status" do
post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(201)
end
end
describe "with invalid params" do
it "returns validation error message" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response_body = JSON.parse(response.body, symbolize_names: true)
expect(response_body[:name]).to include "can't be blank"
end
it "returns a 422 status" do
post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session
response.status.should eq(422)
end
end
end
终于找到问题了。我收到 403 Forbidden 是因为我发送的请求范围不足。我在 doorkeeper.rb
# Define access token scopes for your provider
# For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
default_scopes :public
optional_scopes :write, :update
为了让我的规范再次通过,我必须指定哪些操作需要特定的访问令牌范围,例如:
class Api::V1::ProductsController < Api::V1::ApiController
before_action -> { doorkeeper_authorize! :public }, only: :index
before_action only: [:create, :update, :destroy] do
doorkeeper_authorize! :admin, :write
end
end
我最初只有 before_action :doorkeeper_authorize!, except: [:index, :show]。我需要做的是在 :create、:update 和 :destroy 操作上定义 :write 和 :update 范围。或者完全取消作用域。
我也在使用 CanCanCan,所以我想在我的情况下范围应该是多余的。