Testing pow authenticated controllers

Phoenix Forum Questions / Help
, ,
1

I added Pow to my application using this guide because i have a JSON api structure, but after integrate with pow, my controller tests broke because neither of them needed to have a session before and now they do. The problem is that i’m not being able to make the tests work, my approach so far was change the default setup method generated by phoenix to this:

# before
setup %{conn: conn} do
 {:ok, conn: put_req_header(conn, "accept", "application/json")}
end

# now
setup %{conn: conn} do
  user = user_fixture()

  authed_conn =
    conn
    |> put_req_header("accept", "application/json")
    |> pow.plug.assign_current_user(user, [])

  {:ok, conn: authed_conn}
end

Now the index test pass successfully, but the others give me this error message:

** (RuntimeError) expected connection to have a response but no response was set/sent.
     Please verify that you assign to "conn" after a request:

       conn = get(conn, "/")
       assert html_response(conn) =~ "Hello"
  
   code: assert json_response(conn, 422)["errors"] != %{}
   stacktrace:
     (phoenix 1.7.12) lib/phoenix/test/conn_test.ex:358: Phoenix.ConnTest.response/2
     (phoenix 1.7.12) lib/phoenix/test/conn_test.ex:419: Phoenix.ConnTest.json_response/2
     test/ponto_cao_web/controllers/pet_controller_test.exs:106: (test)

I didn’t find in pow docs and repo some recommended way to tests authenticated controllers on API only projects, can you guys help me to understand why this is happening ?

2

Haven’t used pow myself, but I guess you should do something like they do in their tests,
conn |> PowPlug.assign_current_user(@user, [])

1 Like
3

I’m already doing this on setup method, but on my snippet for some reason the name of modules are lowercased, but you can check here:

setup %{conn: conn} do
  user = user_fixture()

  authed_conn =
    conn
    |> put_req_header("accept", "application/json")
    # the assignment line
    |> Pow.Plug.assign_current_user(user, [])

  {:ok, conn: authed_conn}
end
4

Could you show your complete test?

1 Like
5

Sure, here…

defmodule PontoCaoWeb.EventControllerTest do
  use PontoCaoWeb.ConnCase

  import PontoCao.AnnouncementsFixtures
  import PontoCao.UsersFixtures

  alias PontoCao.Announcements.Event

  @create_attrs %{
    description: "some description of random event",
    title: "some title",
    latitude: "90",
    longitude: "120.5",
    photos: ["https://example.com/", "https://example.com/"],
    frequency: 0,
    input_starts_at: NaiveDateTime.utc_now() |> NaiveDateTime.add(1, :hour),
    input_ends_at: NaiveDateTime.utc_now() |> NaiveDateTime.add(4, :hour),
    timezone: "Etc/UTC"
  }
  @update_attrs %{
    description: "some updated description",
    title: "some updated title",
    latitude: "-90",
    longitude: "-180",
    frequency: 12,
    input_starts_at: NaiveDateTime.utc_now() |> NaiveDateTime.add(1, :hour),
    input_ends_at:
      NaiveDateTime.utc_now() |> NaiveDateTime.add(4, :day) |> NaiveDateTime.add(1, :hour)
  }
  @invalid_attrs %{
    title: nil,
    description: nil,
    latitude: nil,
    longitude: nil,
    photos: nil,
    frequency: nil,
    input_starts_at: nil,
    input_ends_at: nil,
    timezone: nil
  }

  setup %{conn: conn} do
    user = user_fixture()

    authed_conn =
      put_req_header(conn, "accept", "application/json")
      |> Pow.Plug.assign_current_user(user, [])

    {:ok, conn: authed_conn, user: user}
  end

  describe "index" do
    test "lists all events", %{conn: conn} do
      conn = get(conn, ~p"/api/events")
      assert json_response(conn, 200)["data"] == []
    end
  end

  describe "create event" do
    test "renders event when data is valid", %{conn: conn, user: user} do
      conn = post(conn, ~p"/api/events", event: Map.put(@create_attrs, :owner_id, user.id))
      assert %{"id" => id} = json_response(conn, 201)["data"]

      conn =
        conn
        |> Pow.Plug.assign_current_user(user, [])
        |> get(~p"/api/events/#{id}")

      starts_at = NaiveDateTime.utc_now() |> NaiveDateTime.add(1, :hour)
      ends_at = NaiveDateTime.utc_now() |> NaiveDateTime.add(4, :hour)

      assert %{
               "id" => ^id,
               "title" => "some title",
               "description" => "some description of random event",
               "latitude" => "90",
               "longitude" => "120.5",
               "photos" => ["https://example.com/", "https://example.com/"],
               "frequency" => 0,
               "starts_at" => ^starts_at,
               "ends_at" => ^ends_at
             } = json_response(conn, 200)["data"]
    end

    test "renders errors when data is invalid", %{conn: conn} do
      conn = post(conn, ~p"/api/events", event: @invalid_attrs)
      assert json_response(conn, 422)["errors"] != %{}
    end
  end

The index/2 test and the error case in create/2 test passes successfully, but the success case of create/2 gives this error now:

 ** (RuntimeError) expected response with status 200, got: 401, with body:
     "{\"error\":{\"code\":401,\"message\":\"Not authenticated\"}}"
     code: } = json_response(conn, 200)["data"]

So, i guess the error is located at get/3 call in this line:

conn =
  conn
  |> Pow.Plug.assign_current_user(user, [])
  |> get(~p"/api/events/#{id}")

but i still do not understand neither why and what is happening

6

Is the project somewhere accessible?

7

Yeah bro, you can check the repo here

8

UPDATE:
I’ve fixed the error, apparently there was something with connection recycling in Phoenix.ConnTest… Here’s some snippet of their docs:

  ## Recycling

  Keep in mind Phoenix will automatically recycle the connection between
  dispatches. This usually works out well most times, but it may discard
  information if you are modifying the connection before the next dispatch:

      # No recycling as the connection is fresh
      conn = get(build_conn(), "/")

      # The connection is recycled, creating a new one behind the scenes
      conn = post(conn, "/login")

      # We can also recycle manually in case we want custom headers
      conn =
        conn
        |> recycle()
        |> put_req_header("x-special", "nice")

      # No recycling as we did it explicitly
      conn = delete(conn, "/logout")

  Recycling also recycles the "accept" and "authorization" headers,
  as well as peer data information.

So i solved the problem by starting a new connection life cycle before dispatch the get action in create/2 test, now the test looks like this:

    test "renders event when data is valid", %{conn: conn, user: user} do
      conn = post(conn, ~p"/api/events", event: @create_attrs)

      assert %{"id" => id, "starts_at" => starts_at, "ends_at" => ends_at} =
               json_response(conn, 201)["data"]

      conn =
  build_conn()
  |> Pow.Plug.assign_current_user(user, [])
  |> get(~p"/api/events/#{id}")

      assert %{
               "id" => ^id,
               "title" => "some title",
               "description" => "some description of random event",
               "latitude" => "90",
               "longitude" => "120.5",
               "photos" => ["https://example.com/", "https://example.com/"],
               "frequency" => 0,
               "starts_at" => ^starts_at,
               "ends_at" => ^ends_at
             } = json_response(conn, 200)["data"]
    end

Now i would like to know why starts a fresh connection with build_conn/0 solved the problem, and why this works:

conn =
  build_conn()
  |> Pow.Plug.assign_current_user(user, [])
  |> get(~p"/api/events/#{id}")

and this don’t:

conn = conn |> Pow.Plug.assign_current_user(user, []) |> get(~p"/api/events/#{id}")
9

Recycling a conn tries to do essentially the same as what happens when a browser would navigate to a new route. Only things like cookies, some headers, hostname, … will be retained. assigns are not retained between multiple requests being made, but need to be computed and set freshly for each request, so the same applies with recycles.

Here you have a conn, which was already used to do a request, then you assign some data and then you request a new page, trigger a recycle and therefore get rid of tje assign again.

If you do multiple request you likely want to authenticate, so that a session is started and not just for a single request by setting just assigns.

2 Likes
10

Yeah, i did understand the connection flow but what i’m not getting here is why the connection do not re-assign the user before do the get action even when i pipe through the plug assign_current_user but it does work if i do a manual recycle to connection with recycle/2 or build a fresh conn then assign the user to it. Also i’d like to know if there’s a better way to encapsulate the authentication logic in my tests for avoid this re-assign thing everywhere.

11

Learned something new here. I think I’ve never reused a conn in a test before, at least not in this fashion.

1 Like
12

A conn knows and stores if it was already used to make a request (iirc conn.state). So your two approaches are.

# conn was used before
conn = 
  conn 
  # assign current user to the used conn
  |> Pow.Plug.assign_current_user(user, []) 
  # get/2 detects the conn as already being used and recycles it,
  # which doesn't retain the assign you added
  |> get(~p"/api/events/#{id}")

and

# conn was used before
conn = 
  build_conn()
  # assign current user to the used conn
  |> Pow.Plug.assign_current_user(user, []) 
  # get/2 detects the conn as not used yet, so no recycling is happening
  # the assign stays
  |> get(~p"/api/events/#{id}")

You could do conn |> recycle() |> Pow.Plug.assign_current_user(user, []) to work around the automatic recycling happing at an inconvencient time.

You could also consider not writing to conn.assigns, but to put the authentication details in the session. That way authentication will persist across recycles just like it does persist across many requests outside of testing.