Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix "requiring authorization" shared examples in our test suite #4941

Open
coalest opened this issue Jan 22, 2025 · 2 comments
Open

Fix "requiring authorization" shared examples in our test suite #4941

coalest opened this issue Jan 22, 2025 · 2 comments

Comments

@coalest
Copy link
Collaborator

coalest commented Jan 22, 2025

Description

We have a set of shared examples called "required authorization" (link to source). They are meant to be a DRY way to ensure that the controller actions or requests require authorization.

The problem is there a bug in the implementation which means that the shared specs will always pass.

To illustrate, running the following specs:

FooController = Class.new(ActionController::Base)

RSpec.describe FooController, type: :controller do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

RSpec.describe "foo", type: :request do
  let(:object) { create(:item) }

  include_examples "requiring authorization"
end

produces this output:

Randomized with seed 56820

foo
  redirects the user to the sign-in page for CRUD actions

FooController
  redirects the user to the sign-in page for CRUD actions

Finished in 0.73823 seconds (files took 3.71 seconds to load)
2 examples, 0 failures

Let's fix this so that these shared examples are actually testing authorization.

Issues to resolve

  • Fix the bug causing every example block to be skipped. (Hint: Look at how the constraints passed in are defined/mutated.)
  • These shared examples are used in both controller specs and request specs, but look to be written exclusively for controller specs. Let's either create separate shared examples for request specs or refactor the specs to work for both controller and request specs.
@coalest
Copy link
Collaborator Author

coalest commented Jan 22, 2025

@dorner Do you mind taking at a look at this issue and seeing if it's described correctly and that you think this is worth fixing? (Maybe this isn't a priority and we just want to delete these examples entirely since they aren't doing anything.) I wouldn't want someone to start working on this if a PR isn't wanted.

@dorner
Copy link
Collaborator

dorner commented Jan 24, 2025

I think it's worth fixing, yep. I know we have some specific specs that test this in addition... I think we need to decide either to fix this and remove those, or remove this and add more specific specs where they don't exist right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants