I'm currently trying to test the login and logout JSON endpoints for my application using RSpec. I am using the devise and devise_token_auth gems in order to build JSON endpoints for my authentication.
I can successfully log a user in; however, when logging out there need to be several request headers present for the logout function to find the correct user and complete.
I've tried to add headers to my current Rack session, but it seems to drop them when the request is created. Here is my code so far:
Helper method (spec/support/api_helper.rb):

    def login_user
      user = create(:user)
      post '/api/v1/auth/sign_in', email: user.email, password: user.password, format: :json
      return {
        'token-type' => 'Bearer',
        'uid' => last_response.headers['uid'],
        'access-token' => last_response.headers['access-token'],
        'client' => last_response.headers['client'],
        'expiry' => last_response.headers['expiry']
      }
    end

My RSpec example (spec/api/v1/authentication_spec.rb):

    describe 'DELETE /api/v1/auth/sign_out' do
      it 'should destroy your current session and log you out' do
        login_user
        delete '/api/v1/auth/sign_out', {}, login_user
        expect(last_response.status).to eq 200
        expect(parse_json(last_response.body['success'])).to eq true
      end
    end

The output when trying to request a user to log out with the DELETE HTTP verb:
=> #<Rack::MockResponse:0x007fc0f66fa748 @original_headers={"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "Content-Type"=>"application/json; charset=utf-8", "Cache-Control"=>"no-cache", "X-Request-Id"=>"754c89bb-7a8f-4c83-b32b-dc9ed3404863", "X-Runtime"=>"0.010023"}, @errors="", @body_string=nil, @status=401, @header={"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "Content-Type"=>"application/json; charset=utf-8", "Cache-Control"=>"no-cache", "X-Request-Id"=>"754c89bb-7a8f-4c83-b32b-dc9ed3404863", "X-Runtime"=>"0.010023", "Content-Length"=>"37"}, @chunked=false, @writer=#<Proc:0x007fc0f66fa338@/Users/tomdallimore/.rbenv/versions/2.1.3/lib/ruby/gems/2.1.0/gems/rack-1.6.0/lib/rack/response.rb:30 (lambda)>, @block=nil, @length=37, @body=["{\"errors\":[\"Authorized users only.\"]}"]>
I have also tried adding headers to the current Rack session like below:

    header 'uid', login_user['uid']
    header 'token-type', 'Bearer'
    header 'access-token', login_user['access-token']
    header 'client', login_user['client']
    header 'expiry', login_user['expiry']

Does anyone know why the headers are being dropped from the Rack session when a new request is made? How else can I add headers to a Rack session?
I think what you are doing should work. Also, you can set a header with header('name', 'value').
Anyways, you should check

    post '/api/v1/auth/sign_in', email: user.email, password: user.password, format: :json

The user.password should be hashed, so if you send it like that you won't be logged in.
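
An added example, not code from the question, the answer, or devise_token_auth: Rack hands request headers to the application as `HTTP_*` env keys, and the third argument to Rack::Test's `delete` is merged into that env as-is, so plain header names placed there are never read as headers. The stand-in sign-out app, the helper names and the credentials below are constructed for illustration and use only the Ruby standard library.

```ruby
require 'json'

# Headers the stand-in endpoint requires (same names as in the question).
AUTH_HEADERS = %w[uid access-token client].freeze
# Constructed credentials for one sample session.
VALID = { 'uid' => 'user@example.com', 'access-token' => 'tok123',
          'client' => 'cli456' }.freeze

# Rack exposes the request header "access-token" as env["HTTP_ACCESS_TOKEN"].
def rack_env_key(header_name)
  "HTTP_#{header_name.upcase.tr('-', '_')}"
end

# Convert a hash keyed by header name into one keyed by Rack env name.
def headers_to_env(headers)
  headers.each_with_object({}) { |(name, value), env| env[rack_env_key(name)] = value }
end

# Hypothetical Rack-callable endpoint: 401 unless all three headers match.
SIGN_OUT_APP = lambda do |env|
  supplied = AUTH_HEADERS.to_h { |name| [name, env[rack_env_key(name)]] }
  if supplied == VALID
    [200, { 'Content-Type' => 'application/json' }, [{ success: true }.to_json]]
  else
    [401, { 'Content-Type' => 'application/json' },
     [{ errors: ['Authorized users only.'] }.to_json]]
  end
end

# Merge extra_env into a bare request env, as a test helper's env argument is.
def call_sign_out(extra_env)
  base = { 'REQUEST_METHOD' => 'DELETE', 'PATH_INFO' => '/api/v1/auth/sign_out' }
  status, _headers, body = SIGN_OUT_APP.call(base.merge(extra_env))
  [status, JSON.parse(body.join)]
end

raw_status, raw_body = call_sign_out(VALID)                 # plain header names as env keys
ok_status, ok_body = call_sign_out(headers_to_env(VALID))   # HTTP_* env keys
puts "plain names: #{raw_status} #{raw_body}"
puts "HTTP_* keys: #{ok_status} #{ok_body}"
```

The same credentials are rejected or accepted depending only on the env key format, and mixing values from different sign-ins (for example a `client` from another session) is rejected as well.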