1. 首頁
  2. 問答
  3. 過濾器鏈暫停爲:doorkeeper_authorize!呈現或重定向

過濾器鏈暫停爲:doorkeeper_authorize!呈現或重定向

2015-08-03 77 views
0

我正在構建一個Rails API,並且正在使用門衛和設計來驗證用戶使用ResourceOwnerFromCredentials流程的。所有工作正常,但是,我無法獲得認證工作在Rspec過濾器鏈暫停爲:doorkeeper_authorize!呈現或重定向

這裏是怎麼了整合應用中的RSpec:

let(:app_country) { FactoryGirl.create(:app_country)} 
    let(:valid_attributes) { FactoryGirl.attributes_for(:app_city, {:app_country_id => app_country.id}) } 
    let(:valid_session) { {:format => :json} } 

    let(:application) { Doorkeeper::Application.create!(:name => "App HQ dashboard", :redirect_uri => "https://localhost:3000/callback") } 
    let(:hq_user) { app_country.hq_users.create!(FactoryGirl.attributes_for :hq_user) } 
    let(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => hq_user.id }

但每次我試圖時間來測試一個受保護的動作,測試失敗,我從控制檯輸出如下:

Filter chain halted as :doorkeeper_authorize! rendered or redirected 
Completed 403 Forbidden in 5ms (ActiveRecord: 1.2ms)

這與以前版本的門衛正常工作。當我升級守門人寶石時,測試破裂了。我究竟做錯了什麼?或者有沒有一種測試守門員保護控制器的新方法?

UPDATE
下面是一個實際的測試樣品

describe "POST create" do 
     describe "with valid params" do 
      it "creates a new AppCity" do 
       expect { 
        post :create, {:app_city => valid_attributes, :v => "HEAD", :payload_type => "NODE", :access_token => token.token}, valid_session 
       }.to change(AppCity, :count).by(1) 
      end 

      it "persists the AppCity" do 
       post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session 
       response_body = JSON.parse(response.body, symbolize_names: true) 
       expect(response_body[:id]).to be_present 
      end 

      it "returns a 201 status" do 
       post :create, {:app_city => valid_attributes, :v => "HEAD", :access_token => token.token}, valid_session 
       response.status.should eq(201) 
      end 
     end 

     describe "with invalid params" do 
      it "returns validation error message" do 
       post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session 
       response_body = JSON.parse(response.body, symbolize_names: true) 
       expect(response_body[:name]).to include "can't be blank" 
      end 

      it "returns a 422 status" do 
       post :create, {:app_city => { "name" => "" }, :v => "HEAD", :access_token => token.token}, valid_session 
       response.status.should eq(422) 
      end 
     end 
    end

來源

2015-08-03 awsmketchup

+0

您是否還需要應用創建的令牌?以某種方式在請求中提供它? 您是否可以提供更完整的測試,包括設置和實際測試以及有效載荷? –

+0

@EmilKampp我編輯了這個問題,包括實際測試 – awsmketchup

回答

1

我終於發現了問題。我得到了403 Forbidden,因爲我發送的請求範圍不足。我曾在doorkeeper.rb

# Define access token scopes for your provider 
# For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes 
default_scopes :public 
optional_scopes :write, :update

定義下列範圍對於我的規格通過再次我必須指定哪些行爲需要特定的訪問令牌範圍e.g:

class Api::V1::ProductsController < Api::V1::ApiController 
    before_action -> { doorkeeper_authorize! :public }, only: :index 
    before_action only: [:create, :update, :destroy] do 
    doorkeeper_authorize! :admin, :write 
    end 
end

我最初只有before_action :doorkeeper_authorize!, except: [:index, :show]。我需要做的是在:create,:update:destroy動作上定義:write:update示波器。或者,也可以徹底取消範圍。

我也使用CanCanCan,所以我猜這個範圍在我的情況下應該是多餘的。

Further reading here

來源

2015-08-05 11:54:29 awsmketchup

相關問題

 相關問題