I'm writing RSpec tests for a Rails API that is partially protected with OAuth2. I need to write tests such as
GET ResourcesController#index
access_token is provided
access_token is not provided
and stuff like that. I thought I could use the oauth2 gem, but I soon realised that that works by issuing actual HTTP requests to the Rails app. I'm a little lost, can someone point me in the right direction?
EDIT Some further info
I'm using Doorkeeper to implement OAuth2. My question has to do with the fact that some methods of my controllers are hidden behind something like the following:
before_action :doorkeeper_authorize!, only: [:update, :destroy]
which verifies the presence, and validity, of an authentication token. Now, these tokens have to exist in the database. My question then is how do I, either
EDIT 2
Found this. Feel free to keep adding answers while I read this up.
You could still use oauth2 gem, it has many examples of stubbing acces tokens in its own test suite. Without a specifically pointed issue that you might be having it's hard to give more advice though.
Alternatively, there is vcr gem which records http interactions and plays them out during testing. You could record your live API interactions and then use the playback to run your tests against.
UPDATE
After you mentioned the Doorkeeper and found its docs yourself, here is an example from the same source.
describe Api::V1::ProfilesController do
describe 'GET #index' do
let(:token) { double :acceptable? => true }
before do
controller.stub(:doorkeeper_token) { token }
# allow(controller).to receive(:doorkeeper_token) {token} # => RSpec 3
end
it 'responds with 200' do
get :index, :format => :json
response.status.should eq(200)
end
end
end
Stubbing :acceptable? => true will bypass the doorkeeper filter, since the token is valid. If you prefer to return false then the response status will be 401 unauthorized.