Defise Lockable not working in rspec controller tests

Question

Defise Lockable not working in rspec controller tests

We have a custom SessionController that inherits from the standard Devise :: SessionController and blocks for the User model. This works when tested manually, but in our tests the controller failed_attempts

does not increase by 1. If I decrease the attempt maximum_attempts

to 1, it successfully locks the account when testing, but it still does not increase failed_attempts

beyond 1.

Below is an example of my example. Any ideas as to why it failed_attempts

doesn't grow beyond a single controller test?

it{
  bad_user = create(:user, password: 'passworD1')
  3.times do
    post :create, user: { email: bad_user.email, password: 'asdf' }
  end

  post :create, user: { email: bad_user.email, password: 'asdf' }
  bad_user.reload
  expect(bad_user.failed_attempts).to eq(4)
  expect(bad_user.locked_at).not_to be_blank
}

+3

ruby-on-rails rspec devise

commandantk 15 May '15 at 17:00

source to share

2 answers

Elkhan Mamedov · Answer 1 · 2016-12-13T16:40:00+0000

Per Develop a lockable module There is a lock_access method! which is blocking access. This is one way to test another - brute force. Enter the correct email and incorrect password at new_user_session_path as many times as needed for each initializer, then check new_user_unlock_path.

ruslan · Answer 2 · 2017-03-01T15:11:55+0000

I've tried this warden.clear_strategies_cache method! after posting and I was able to lock the account.

In your example, it would look like this:

it{
  bad_user = create(:user, password: 'passworD1')
  3.times do
    post :create, user: { email: bad_user.email, password: 'asdf' }
    warden.clear_strategies_cache!
  end

  post :create, user: { email: bad_user.email, password: 'asdf' }
  bad_user.reload
  expect(bad_user.failed_attempts).to eq(4)
  expect(bad_user.locked_at).not_to be_blank
}

Best regards, Ruslan

Defise Lockable not working in rspec controller tests

More articles: