I'm stuck since yesterday on a problem with rspec, I'm starting in the tests so I have a little bit of trouble understanding the problem. I use a pdf view with Prwan to provide an invoice for the order in pdf format, I have restricted access to the controller in this way:
order_token = params[:order_token]
if order_token != @order.guest_token || order_token == nil || @order.guest_token == nil
permission_denied
end
I would like to create a test that verifies that if I don't own the invoice, I can't see it, my test is written like this:
RSpec.describe Spree::OrdersController, type: :controller do
let(:user) { create(:user, password: "12345678", password_confirmation: "12345678", email: "[email protected]") }
let(:order) { create(:order, user: user, total: 100.0) }
context "#Missing token" do
it "should return unauthorized" do
get :invoice, params: {id: order.number, format: :pdf}
puts response.inspect
assert_response 401
end
end
end
I have one when I run the test, I have a redirection that I don't understand!
1) Spree::OrdersController#Missing token should return unauthorized
Failure/Error: assert_response 401
Minitest::Assertion:
Expected response to be a <401: Unauthorized>, but was a <302: Found> redirect to <http://test.host/login>.
Expected: 401
Actual: 302
# ./spec/controllers/spree/frontend/orders_controller_decorator_spec.rb:11:in `block (3 levels) in <top (required)>'
Finished in 14.91 seconds (files took 7.99 seconds to load)
1 example, 1 failure