7

A related question implies that I can test a request with token authentication, in my intergration tests, as follows:

get "/v1/sites", nil, :authorization => "foo"
assert_response :success

For some reason, the headers don't get to my application:

get "/v1/sites", nil, :authorization => "foo"
assert_match response.headers, /foo/

Expected {"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "X-UA-Compatible"=>"chrome=1", "WWW-Authenticate"=>"Token realm=\"Application\"", "Content-Type"=>"text/html; charset=utf-8", "Cache-Control"=>"no-cache", "X-Request-Id"=>"23915302-9cfe-424d-86fe-5d60bc0d6b2c", "X-Runtime"=>"0.054857", "Content-Length"=>"27"} to match /foo/.

The authorization-header does not get through, which I can confirm when placing a throw response.headers in the controller. When I test with e.g. curl, I do see the header coming through. And there I can even set the token and get access. The relevant code from the controller is:

module V1
  class SitesController < ApplicationController
    before_filter :restrict_access, :only => :index

    def index
      head :success
    end

    private
    def restrict_access
      authenticate_or_request_with_http_token do |token, options|
        token == "foo"
      end
    end
  end 
end

This is minitest, on Rails 4, using Rails-API

For reference, here is the Middleware stack, it is a lot slimmer then most default Rails apps.

use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x992cd28>
use Rack::Runtime
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run MyApp::Application.routes
Community
  • 1
  • 1
berkes
  • 26,996
  • 27
  • 115
  • 206

2 Answers2

6

Just for reference. Everything was right, I was just being stupid and testing the wrong thing while debugging:

assert_match response.headers, /foo/

Is obviously false, because this is the response. Correct is to test the request

get "/v1/sites", nil, :authorization => %{Token token="foo"}
assert_includes request.headers["HTTP_AUTHORIZATION"], "foo"

This passes just fine.

berkes
  • 26,996
  • 27
  • 115
  • 206
  • 8
    For Rails 5/5.1 use the `headers:` keyword argument (no need for nil). `get "/v1/sites", headers: { "HTTP_AUTHORIZATION" => "Token token=1111" }` – Brian Sigafoos Feb 27 '17 at 19:36
0

You can set an header on the request object just before performing you request.

request.env['HTTP_AUTHORIZATION'] = 'foo'
get '/v1/sites'
assert_response :success
matteo
  • 2,256
  • 1
  • 13
  • 10
  • 3
    Unfortunately not. In IntegrationTest, both `request` and `@request` are not set or available: both are nil. This /does/ work with ControllerTests, though. – berkes Aug 12 '13 at 09:39
  • You're right sorry, I was thinking of controller tests. The code you mentioned should work with ActionDispatch::Integration::ResquestHelpers (http://api.rubyonrails.org/classes/ActionDispatch/Integration/RequestHelpers.html#method-i-get), are you using it? – matteo Aug 12 '13 at 10:32
  • It seems I am calling _that_ method, yes. `self.method(:get).owner` reports `ActionDispatch::Integration::Runner`. – berkes Aug 12 '13 at 14:11