error.rb

Failures:

  1) UserSessionsController#create with correct credentials with device_id and device_type set someone else is logged in with the same devic
e_id adds AddDeviceToken to the queue
     Failure/Error: expect{
       expected result to have changed by 1, but was changed by 0
     # ./spec/controllers/user_sessions_controller_spec.rb:91:in `block (6 levels) in <top (required)>'

Finished in 1.45 seconds (files took 2.33 seconds to load)
13 examples, 1 failure

Failed examples:

rspec ./spec/controllers/user_sessions_controller_spec.rb:86 # UserSessionsController#create with correct credentials with device_id and dev
ice_type set someone else is logged in with the same device_id adds AddDeviceToken to the queue

rails_helper.rb

# This file is copied to spec/ when you run 'rails generate rspec:install'
ENV['RAILS_ENV'] ||= 'test'
require 'spec_helper'
require File.expand_path('../../config/environment', __FILE__)
require 'rspec/rails'
# Add additional requires below this line. Rails is not loaded until this point!

# Requires supporting ruby files with custom matchers and macros, etc, in
# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
# run as spec files by default. This means that files in spec/support that end
# in _spec.rb will both be required and run as specs, causing the specs to be
# run twice. It is recommended that you do not name files matching this glob to
# end with _spec.rb. You can configure this pattern with the --pattern
# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
#
# The following line is provided for convenience purposes. It has the downside
# of increasing the boot-up time by auto-requiring all files in the support
# directory. Alternatively, in the individual `*_spec.rb` files, manually
# require only the support files necessary.
#
# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }

# Checks for pending migrations before tests are run.
# If you are not using ActiveRecord, you can remove this line.
ActiveRecord::Migration.maintain_test_schema!

RSpec.configure do |config|
  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
  config.fixture_path = "#{::Rails.root}/spec/fixtures"

  # If you're not using ActiveRecord, or you'd prefer not to run each of your
  # examples within a transaction, remove the following line or assign false
  # instead of true.
  config.use_transactional_fixtures = true

  config.filter_run :focus => true

  # RSpec Rails can automatically mix in different behaviours to your tests
  # based on their file location, for example enabling you to call `get` and
  # `post` in specs under `spec/controllers`.
  #
  # You can disable this behaviour by removing the line below, and instead
  # explicitly tag your specs with their type, e.g.:
  #
  #     RSpec.describe UsersController, :type => :controller do
  #       # ...
  #     end
  #
  # The different available types are documented in the features, such as in
  # https://relishapp.com/rspec/rspec-rails/docs
  config.infer_spec_type_from_file_location!

  REDIS_PID = "#{Rails.root}/tmp/pids/redis-test.pid"
  REDIS_CACHE_PATH = "#{Rails.root}/tmp/cache/"

  config.before(:suite) do
    redis_options = {
      "daemonize"     => 'yes',
      "pidfile"       => REDIS_PID,
      "port"          => 9736,
      "timeout"       => 300,
      "save 900"      => 1,
      "save 300"      => 1,
      "save 60"       => 10000,
      "dbfilename"    => "dump.rdb",
      "dir"           => REDIS_CACHE_PATH,
      "loglevel"      => "debug",
      "logfile"       => "stdout",
      "databases"     => 16
    }.map { |k, v| "#{k} \"#{v}\"" }.join("\n")
    `echo '#{redis_options}' | redis-server -`
  end

  config.after(:suite) do
    %x{
      cat "#{REDIS_PID}" | xargs kill -QUIT
      rm -f "#{REDIS_CACHE_PATH}dump.rdb"
    }
  end
end

user_sessions_controller.rb

class UserSessionsController < ApplicationController
  # TODO: `session` is a reserved word in Rails, and we therefor need to change
  # this name
  before_action :check_session, only: :destroy

  def create
    user = authenticate(params[:username], params[:password])

    if user
      user_session = UserSession.find_or_create_by(user_id: user.id)
      user_session.generate_token(user.id)
      user_session.device_id = params[:device_id]
      
      # TODO: Refactor this to smaller methods

      if params[:device_type] == 'ios'
        arn = ENV['AWS_SNS_IOS_ARN']
      end

      unless arn == nil or user_session.device_id == nil
                
        update_token_params = { arn: arn, device_id: user_session.device_id, user_id: user.id }

        device_id_other_user = UserSession.where(
          "device_id=? AND user_id != ?", user_session.device_id, user_session.user_id).take
        
        unless device_id_other_user.nil?
          Resque.enqueue(AddDeviceToken, update_token_params, device_id_other_user.user.sns_endpoint_arn)
          device_id_other_user.user.update_attributes(sns_endpoint_arn: nil)
          device_id_other_user.destroy 
        else
          Resque.enqueue(AddDeviceToken, update_token_params)
        end

      end

      user_session.save! 
       
      json_response 200,
        success: true, 
        message_id: 'user_session_created',
        message: I18n.t('success.user_session_created'),
        data: {
          user_session: {
            auth_token: user_session.auth_token,
            user_id: user_session.user_id
          }
        }
    else
      json_response 401,
        success: false, 
        message_id: 'bad_credentials',
        message: I18n.t('error.bad_credentials'),
        error: {
          "password": ["is incorrect"]
        }
    end

  end  

  def destroy
    @user_session.destroy!
    
    json_response 200,
      success: true,
      message_id: 'user_session_destroyed',
      message: I18n.t('success.user_session_destroyed')

  end

  private 

  def authenticate(username, password)
   
    user = User.find_by_username(username)

    if user && user.password_hash == 
               BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end

  end

end

user_sessions_controller_spec.rb

require 'rails_helper'

describe UserSessionsController do

  let(:user) { FactoryGirl.create(:user) }
  let(:logged_in_user) { FactoryGirl.create(:user, :logged_in) }
  let!(:liu_device_id) { FactoryGirl.create(:user, :logged_in_with_device_id) }
  let!(:header) { {'X-AUTH-TOKEN' => logged_in_user.user_session.auth_token} }

  describe '#create' do

    let(:login_credentials) { 
      { username: user.username,
        password: user.password }
    }

    context 'with incorrect credentials' do

      it 'returns 401' do
        post :create, { username: '', password: '' }
        expect(response).to have_http_status(401)        
      end

      it 'does not save the session' do
        auth_token = logged_in_user.user_session.auth_token
        post :create, { username: logged_in_user.username, password: 'wrong' }
        expect(logged_in_user.user_session.reload.auth_token).to eq(auth_token) 
      end

    end

    context 'with correct credentials' do

      ENV['AWS_SNS_IOS_ARN'] = 'A'*30

      let(:liu_login_credentials) { 
        { username: logged_in_user.username,
          password: logged_in_user.password }
      }

      let(:liu_device_id_creds) {
        { username: liu_device_id.username,
          password: liu_device_id.password,
          device_id: liu_device_id.user_session.device_id,
          device_type: liu_device_id.user_session.device_type }
      }
      
      it 'returns 200' do
        post :create, login_credentials
        expect(response).to be_success
      end

      it 'creates new sessions' do
        expect {
          post :create, login_credentials
        }.to change(UserSession, :count).by(1)
      end

      it 'updates old sessions' do
          post :create, liu_login_credentials
                       
        expect {
          post :create, liu_login_credentials
        }.to change(UserSession, :count).by(0)        
      end

      context 'with device_id and device_type set' do

        it 'updates sessions when users are already logged in' do
          auth_token = liu_device_id.user_session.auth_token
          post :create, liu_device_id_creds
          expect(liu_device_id.user_session.reload.auth_token).to_not eq(auth_token)
        end

        context 'someone else is logged in with the same device_id' do
          
          before do
            client = Aws::SNS::Client.new(stub_responses: true)
            expect(Aws::SNS::Client).to receive(:new) { client }
          end

          it 'deletes other sessions having the same device_id' do
            Resque.inline = true
          end

          it 'adds AddDeviceToken to the queue', focus: true do

            device = { device_id: liu_device_id_creds[:device_id],
                       device_type: liu_device_id_creds[:device_type] }

            expect{
              post :create, login_credentials.merge(device)
            }.to change{Resque.size(AddDeviceToken)}.by(1)

          end

        end

      end

    end

  end

  describe '#delete' do

    context 'with the right token' do

      it "returns 200" do
        @request.headers.merge!(header)
        delete :destroy
        expect(response).to be_success 
      end
      
      it "deletes the session" do
        @request.headers.merge!(header)
        expect {        
          delete :destroy
        }.to change(UserSession, :count).by(-1)
      end 

    end

    context 'with incorrect token' do
      before {
        @request.headers.merge!({'X-AUTH-TOKEN' => 'wrong'})
      }

      it "returns 401" do
        delete :destroy 
        expect(response).to have_http_status(401)
      end

      it "does not delete the session" do
        expect{
         delete :destroy
        }.to change(UserSession, :count).by(0)
        
      end

    end

  end

end