How to test live views with ash authentication plugs

I’m trying to find out how to test live views that are protected by Ash Authentication.

A straight forward way is to just fill in username and password and hit submit when visiting a protected page.

In my normal live view code I have this function in my conn_case.ex

  def log_in_user(conn, user) do
    token = ActivityPlanner.Accounts.generate_user_session_token(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session(:user_token, token)
  end

But this is using the custom auth stuff generated from gen.auth.

How can make something similar for Ash Authentication ? I think that’s maybe one of the problems with opaque code. Oh and yes I could probably peer into the source code, but currently I’m just whipping out some code and tries to avoid rabbit holes :slight_smile:

the ash project im working on is this GitHub - jarlah/ash-activity-planner and the original project I worked on previously with normal live views is this one GitHub - jarlah/activity-planner: An example Phoenix application with foreign key multi tenancy

Both of which are hobby projects with sole purpose to grind my way into getting familiar with all of Elixir :wink:

I really struggle with this. Because of the opaqueness of ash authentication phoenix I cant use the same form(“#my-form-name”, %{username: “foo”, password: “bar”}) strategy for filling the form fields and submitting with render_submit(). Anyone used ash authentication before and know how to either 1) mock the session in the test, or 2) how to fill in the SignInLive form fields in ash authentication phoenix ?

I haven’t personally tested live views protected with AshAuthentication unfortunately. @jimsynz will probably be able to provide some more info after the weekend. You may have some luck looking at the test suite for AshAuthenticationPhoenix?

2 Likes

Hi there.

You can rewrite the log_in_user/2 function to use AshAuthentication in a few ways. Here I am assuming that your user resource is called User - if it is something else you will need to change current_user to current_X.

If your application is using retrieve_from_session/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_session/2) and has require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user_token", token)
end

If your application is using retrieve_from_session/2 and doesn’t have require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  subject = AshAuthentication.user_to_subject(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user", subject)
end

Lastly, if you’re using retrieve_from_bearer/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_bearer/2) you can do:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Plug.Conn.put_req_header("authorization", "Bearer #{token}")
end

All of this information is introspectable via AshAuthentication.Info - so I would welcome a PR that adds some test helpers to AshAuthentication.

Links:

  1. AshAuthentication.Plug.Helpers.retrieve_from_session/2
  2. AshAuthentication.Phoenix.Plug.load_from_session/2
  3. authentication.tokens.require_token_presence_for_authentication?
  4. AshAuthentication.Jwt.token_for_user/3
  5. AshAuthentication.user_to_subject/1
  6. AshAuthentication.Plug.Helpers.retrieve_from_bearer/2
  7. AshAuthentication.Phoenix.Plug.load_from_bearer/2
  8. AshAuthentication.Info
1 Like

A test helper like that sounds like an excellent addition to AshAuthentication! Good idea.

after a lot of trial and error, and inspecting the connection after login, I saw that a “user” was stored in the session in the form of

      "user" => "user?id=ef6f74a3-3795-4f0d-be4f-622db62f8c01"

so I made it all work in the tests by doing this:

  setup %{conn: conn} do
    user =
      AshActivityPlanner.Accounts.User
      |> Ash.Changeset.for_create(:register_with_password, %{
        email: "test@user.com",
        password: "password",
        password_confirmation: "password"
      })
      |> AshActivityPlanner.Accounts.create!()

    {:ok, %{conn: log_in_user_as_subject(conn, user)}}
  end

  # SNIP ...

  defp log_in_user_as_subject(conn, user) do
    subject = AshAuthentication.user_to_subject(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session("user", subject)
  end

however this will likely change when I alter how signin is configured so its not a good longterm solution.