I just can't find an easy way to add an authorization header to every request easily? am i missing something? this seems like it should be a standard use case for request specs against an API that utilizes the Authorization header for authentication?
rspec-rails
is a thin shim around Rails test helpers so if they haven't added this ability neither have we
There is not way to "auto" set this. As Jon stated, most of rspec-rails
is a thin wrapper, in this case request specs are a wrapper around Rails integration tests.
Based on the Rails API the headers are not really inherited from anything. They must be uniquely set each time. This is how requests work, a client must send the headers each time they make a request, it is up to the client to manage that.
IMO, request specs for an API should be documenting how the API interaction works from a consumer's perspective. Showing that the headers need to always be sent, and which headers those are, is good documentation.
If you wish to achieve this on your own there are a few options:
ruby
def get(path, parameters = nil, headers_or_env = nil)
headers_or_env ||= { 'some' => 'defaults' }
super
end
``` ruby
RSpec.describe "some API endpoint" do
let(:auth_headers) {
{ 'HTTP-AUTHORIZATION' => 'Token token="pancakes"' }
}
def request_widgets
get api_widgets, '', auth_headers
response
end
it "gets the widgets" do
expect(request_widgets).to have_http_status(:success)
end
end
```
As far as request authentication, an authorization header has little difference than a cookie header. In both request and controller specs, we have access to the session instance, providing us the ability to set the "cookie" header.
Request specs to an API can document the fundamentals, including authentication, in a specific set of tests. This should not be necessary for every single spec in which the focus is to spec an authenticated response.
Again, the desire here is no different than what everyone already uses with standard web browser controller/request specs.
@paulwalker we're not saying it's an unreasonable request, just that you're making it to the wrong project, please open this feature request with the rails team
Thanks @JonRowe, fair enough.
Most helpful comment
There is not way to "auto" set this. As Jon stated, most of
rspec-rails
is a thin wrapper, in this case request specs are a wrapper around Rails integration tests.Based on the Rails API the headers are not really inherited from anything. They must be uniquely set each time. This is how requests work, a client must send the headers each time they make a request, it is up to the client to manage that.
IMO, request specs for an API should be documenting how the API interaction works from a consumer's perspective. Showing that the headers need to always be sent, and which headers those are, is good documentation.
If you wish to achieve this on your own there are a few options:
ruby def get(path, parameters = nil, headers_or_env = nil) headers_or_env ||= { 'some' => 'defaults' } super end
``` ruby
RSpec.describe "some API endpoint" do
end
```