If you reindent the messy spec code, you can see that you are missing the user definition in your describe "in the Users controller"
block.
Seeing that you are using the user
in all three describe
blocks in the Authorization, I'd move it one level up, so you'll end up with:
describe "authorization" do
let(:user) { FactoryGirl.create(:user) }
describe "for non-signed-in users" do
...
end
describe "in the Users controller" do
...
end
describe "as wrong user" do
let(:wrong_user) { FactoryGirl.create(:user, email: "wrong@example.com") }
before { sign_in user, no_capybara: true }
...
end
end