Making authenticated requests with ember-simple-auth-ephemeral store in testing

Question

I have a rails backend and ember cli project that are using ember-simple-auth devise and I am trying to get a Qunit test to cover an authenticated post to rails. I am not mocking out any backend calls.

My test is setup like this:

test('successfully POSTing', function(){
  // helper to signin through ember
  signIn();

  andThen(function(){
    // fill out a form and submit it  
    equal(find('li').text(), 'aodsfiu');

  })
});

I am using simple-auth-session-store:ephemeral in my test ENV.

The signIn() helper works fine: I can see from both the ember and rails logs that it submits the form and gets back status 201, however the following request returns status 401 like the authentication info is never saved / not used in the following request.

If I test this manually, everything is okay, which leads me to think it's an issue with the test env, BUT when I remove the store:ephemeral I still get back status 401 from my server.

How can I make authenticated requests to my server with ember-simple-auth in a test environment? Is there a way to access the test session data directly and set the user-token and email so that rails will think I am authenticated?

env:

if (environment === 'test') {
    // simple auth local storage stuff
    ENV['simple-auth'] = {
      authorizer: 'simple-auth-authorizer:devise',
      crossOriginWhitelist: ['*'],
      store: 'simple-auth-session-store:ephemeral',

    }
    // Testem prefers this...
    ENV.baseURL = '/';
    ENV.locationType = 'auto';

    // keep test console output quieter
    ENV.APP.LOG_ACTIVE_GENERATION = false;
    ENV.APP.LOG_VIEW_LOOKUPS = false;

    ENV.APP.rootElement = '#ember-testing';
  }

score 1 · Answer 1 · answered Dec 01 '14 at 08:10

1

The ephemeral store only makes sure that the session isn't actually persisted so that tests don't influence each other. What you see might be caused by Ember Simple Auth's cross origin authorization policy - as long as you don't whitelist an origin requests going to it will not be authorized so that your token doesn't get exposed to arbitrary sites. See the API docs.

answered Dec 01 '14 at 08:10

marcoow

4,062
1
14
21

thanks, does simple auth/ember log an error if its a CORS issue? rails receives all of the form data, but none of the auth headers. I'm note sure I understand the docs: `crossOriginWhitelist` takes an array with `protocol`, `host` and `port` properties? How could I dangerously whitelist everything? `crossOriginWhitelist: [{host: **, protocol: '**', port: '**'}]`? But that syntax isn't correct. – user2936314 Dec 01 '14 at 18:28
1

There will be no error logged - the headers are just not added when the request is going to a 3rd origin that's not whitelisted. Check the README for an example: https://github.com/simplabs/ember-simple-auth#cross-origin-authorization – marcoow Dec 02 '14 at 08:42
I whitelisted `*` and still can't get any auth headers. If you open the chrome console while running qunit tests, I can see that I can log `this.get('session')` and I am logged in in the test, but it does not want to add the auth headers in the test env - verified by looking at the `http` request in the console. Any other ideas to look at? Is there an example integration test with ember simple auth anywhere? – user2936314 Dec 02 '14 at 13:09
please post your config – marcoow Dec 02 '14 at 13:25
added it to the question – user2936314 Dec 02 '14 at 15:23
1

looks good - you'll have to debug into the code, check whether the authorizer's `authorizer` method is actually called etc. - starting point is here: https://github.com/simplabs/ember-simple-auth/blob/0.7.1/packages/ember-simple-auth/lib/simple-auth/setup.js#L70 – marcoow Dec 02 '14 at 17:46
if I put a `console.log` after the line you linked, it does not log in my test console. I also had a closer look at `this.get('sessions')` and both `isDestroyed` and `isDestroying` are `true`, but in my non-test environment neither of those properties are set and the logger will log. If I use the test helper `authenticateSession()` it also shows the sessions as being destroyed. – user2936314 Dec 02 '14 at 22:44
`isDestroyed` is checked on the authorizer, not the session; what does `shouldAuthorizeRequest(options)` return? – marcoow Dec 03 '14 at 08:26
It returns `true`, at this line https://github.com/simplabs/ember-simple-auth/blob/0.7.1/packages/ember-simple-auth/lib/simple-auth/setup.js#L69, but I think it's failing on line 70 because of the `!authorizer.isDestroyed` condition, but if I change that to just `authorizer` it gets a little further into the block, and still doesn't add the auth headers. This is all a `POST` request. – user2936314 Dec 03 '14 at 12:21
Ember Simple Auth 0.7.2 was released earlier today - please update and see whether that fixes it. – marcoow Dec 03 '14 at 14:02
nope, I'll see if I can replicate this in another quick project and add an issue to your repo if I can find out more about it. I have a hunch it has something to do with ember qunit since I wrote an rspec test for the same behavior and it passes the auth token without any issues. cheers for the help! – user2936314 Dec 03 '14 at 23:15

Making authenticated requests with ember-simple-auth-ephemeral store in testing

1 Answers1