authenticate_user! disables all other callbacks, doesn't authenticate at all
samnissen opened this issue · 0 comments
samnissen commented
Similar to #277 but worse because I can't write any code to route around, since attempting to authenticate is the last callback that can execute. (Note in the below example this_fn_does_not_exist!
truly does not exist.)
class ApplicationController < ActionController::API
acts_as_token_authentication_handler_for User, fallback: :none
# ...
class MyModelsController < ApplicationController
before_action :authenticate_user!
before_action :this_fn_does_not_exist!
# ...
require 'rails_helper'
RSpec.describe MyModelsController, type: :controller do
# ...
let(:invalid_session) { { } }
describe "GET #show" do
it "does not assign the requested my_model as @my_model" do
@my_model = create(:my_model, valid_attributes)
get :show, format: :json, params: { id: @my_model.id }, session: invalid_session
expect(assigns(:my_model)).to eq(nil)
end
end
# ...
$ rspec spec/controllers/my_models_controller.rb
F
Failures:
1) MyModelsController GET #show does not assign the requested my_model as @my_model
Failure/Error: expect(assigns(:my_model)).to eq(nil)
expected: nil
got: #<my_model id: 123, #...