Rails Tutorial Chapter 9: Authorization Redirect tests failing

Question

I have looked through pretty much every Rails Tutorial Chapter 9 question on StackOverflow. No one seems to be having this same issue. Maybe it's just a typo or something stupid I've missed and I just need some fresh eyes. Any help would be appreciated.

Errors:

Failures:

1) Authentication authorization as non-admin user submitting a DELETE request to the Users#destroy action
 Failure/Error: specify { expect(response).to redirect_to(root_url) }
   Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/signin>.
   Expected "http://www.example.com/" to be === "http://www.example.com/signin".
 # ./spec/requests/authentication_pages_spec.rb:60:in `block (5 levels) in <top (required)>'

2) Authentication authorization as wrong user submitting a GET request to the Users#edit action
 Failure/Error: specify { expect(response).to redirect_to(root_url) }
   Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/signin>.
   Expected "http://www.example.com/" to be === "http://www.example.com/signin".
 # ./spec/requests/authentication_pages_spec.rb:108:in `block (5 levels) in <top (required)>'

3) Authentication authorization as wrong user submitting a PATCH request to the Users#update action
 Failure/Error: specify { response.should redirect_to(root_url) }
   Expected response to be a redirect to <http://www.example.com/> but was a redirect to <http://www.example.com/signin>.
   Expected "http://www.example.com/" to be === "http://www.example.com/signin".
 # ./spec/requests/authentication_pages_spec.rb:113:in `block (5 levels) in <top (required)>'

Failed examples:

rspec ./spec/requests/authentication_pages_spec.rb:60 # Authentication authorization as non-admin user submitting a DELETE request to the Users#destroy action
rspec ./spec/requests/authentication_pages_spec.rb:108 # Authentication authorization as wrong user submitting a GET request to the Users#edit action
rspec ./spec/requests/authentication_pages_spec.rb:113 # Authentication authorization as wrong user submitting a PATCH request to the Users#update action

Authentication spec:

 require 'spec_helper'

describe "Authentication" do

  subject { page }

  describe "signin page" do
    before { visit signin_path }

    it { should have_content('Sign in') }
    it { should have_title('Sign in') }
  end

  describe "signin" do
    before { visit signin_path }

    describe "with invalid information" do
        before { click_button "Sign in" }

        it { should have_title('Sign in') }
        it { should have_error_message('Invalid') }

        describe "after visiting another page" do
            before { click_link "Home" }
            it { should_not have_error_message('Invalid') }
        end

    end # End of invalid Sign in Tests

    describe "with valid information" do
        let(:user) { FactoryGirl.create(:user) }
        before { valid_signin(user) }

        it { should have_title(user.name) }
      it { should have_link('Users',       href: users_path) }
        it { should have_link('Profile',     href: user_path(user)) }
        it { should have_link('Sign out',    href: signout_path) }
        it { should have_link('Settings',    href: edit_user_path(user)) }
      it { should_not have_link('Sign in', href: signin_path) }

      describe "followed by signout" do
        before { click_link "Sign out" }
        it { should have_link('Sign in') }
      end

    end # End of valid Sign in Tests

  end # End of Sign in Tests

  describe "authorization" do

    describe "as non-admin user" do
      let(:user) { FactoryGirl.create(:user) }
      let(:non_admin) { FactoryGirl.create(:user) }

      before { sign_in non_admin, no_capybara: true }

      describe "submitting a DELETE request to the Users#destroy action" do
        before { delete user_path(user) }
        specify { expect(response).to redirect_to(root_url) }
      end # End of DELETE request
    end # End of Authentication->authorization->as non-admin

    describe "for non-signed-in users" do
      let(:user) { FactoryGirl.create(:user) }

      describe "in the Users controller" do

        describe "visiting the edit page" do
          before { visit edit_user_path(user) }
          it { should have_title('Sign in') }
        end # End of Authen->author->nonsignedin->User controller->visiting edit

        describe "submitting to the update action" do
          before { patch user_path(user) }
          specify { expect(response).to redirect_to(signin_path) }
        end # End of submitting update

        describe "visiting the user index" do
          before { visit users_path }
          it { should have_title('Sign in') }
        end # End of Auth-autho->not signed in->user index
      end # End of Authen->author->nonsignedin->Users controller
      describe "when attempting to visit a protected page" do
        before do
          visit edit_user_path(user)
          fill_in "Email",    with: user.email
          fill_in "Password", with: user.password
          click_button "Sign in"
        end

        describe "after signing in" do
          it "should render the desired protected page" do
            expect(page).to have_title('Edit user')
          end
        end
      end
    end # End of Authentication->authorization->for non-signed-in users

    describe "as wrong user" do
      let(:user) { FactoryGirl.create(:user) }
      let(:wrong_user) { FactoryGirl.create(:user, email: "wrong@example.com") }
      before { sign_in user, no_capybara: true }

      describe "submitting a GET request to the Users#edit action" do
        before { get edit_user_path(wrong_user) }
        specify { expect(response.body).not_to match(full_title('Edit user')) }
        specify { expect(response).to redirect_to(root_url) }
      end

      describe "submitting a PATCH request to the Users#update action" do
        before { patch user_path(wrong_user) }
        specify { response.should redirect_to(root_url) }
      end
    end
  end # End of Authentication->authorization

end # End of Authentication Tests

Users controller:

class UsersController < ApplicationController
before_action :signed_in_user,     only: [:index, :edit, :update, :destroy]
before_action :correct_user,       only: [:edit, :update]
before_action :admin_user,         only: :destroy
before_action :signed_in_redirect, only: [:new, :create]

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted."
    redirect_to users_url
  end

  def index
    @users = User.paginate(page: params[:page])
  end

  def new
    @user = User.new
  end

  def show
    @user = User.find(params[:id])
  end

  def create
      @user = User.new(user_params)
      if @user.save
        sign_in @user
        flash[:success] = "Welcome to the Sample App!"
        redirect_to @user
      else
        render 'new'
      end
    end

  def edit
  end

  def update
    if @user.update_attributes(user_params)
      flash[:success] = "Profile updated"
      redirect_to @user
    else
      render 'edit'
    end
  end


  private

    def user_params
      params.require(:user).permit(:name, :email, :password,
                                   :password_confirmation, :admin)
    end

    # Before filters

    def signed_in_user
      unless signed_in?
        store_location
        redirect_to signin_url, notice: "Please sign in."
      end
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url) unless current_user?(@user)
    end

    def admin_user
      redirect_to(root_url) unless current_user.admin?
    end

    def signed_in_redirect
      redirect_to root_url, note: "Already signed in" if signed_in?
    end

end

Let me know if there's anything additional I should post in order to help you help me. Thanks in advance.

-EDIT-

Sessions helper:

    module SessionsHelper

    def sign_in(user)
        remember_token = User.new_remember_token
        cookies.permanent[:remember_token] = remember_token
        user.update_attribute(:remember_token, User.hash(remember_token))
        self.current_user = user
    end

    def signed_in?
        !current_user.nil?
    end

    def current_user=(user)
        @current_user = user
    end

    def current_user
        remember_token = User.hash(cookies[:remember_token])
        @current_user ||= User.find_by(remember_token: remember_token)
    end

    def current_user?(user)
        user == current_user
    end

    def sign_out
        current_user.update_attribute(:remember_token,
                                      User.hash(User.new_remember_token))
        cookies.delete(:remember_token)
        self.current_user = nil
    end

    def redirect_back_or(default)
        redirect_to(session[:return_to] || default)
        session.delete(:return_to)
    end

    def store_location
        session[:return_to] = request.url if request.get?
    end


end

-EDIT 2-

utilities.rb:

include ApplicationHelper

    def sign_in(user, options={})
      if options[:no_capybara]
        # Sign in when not using Capybara.
        remember_token = User.new_remember_token
        cookies[:remember_token] = remember_token
        user.update_attribute(:remember_token, User.hash(remember_token))
      else
        visit signin_path
        fill_in "Email",    with: user.email
        fill_in "Password", with: user.password
        click_button "Sign in"
      end
    end

    def valid_signin(user)
      fill_in "Email",    with: user.email
      fill_in "Password", with: user.password
      click_button "Sign in"
    end

    RSpec::Matchers.define :have_error_message do |message|
      match do |page|
        expect(page).to have_selector('div.alert.alert-error', text: message)
      end


end

-EDIT 3-

edited portion of spec/support/utilities.rb

    def sign_in(user, options={})
      if options[:no_capybara]
        # Sign in when not using Capybara.
        remember_token = User.new_remember_token
        cookies[:remember_token] = remember_token
        user.update_attribute(:remember_token, User.hash(remember_token))
        puts user
      else
        visit signin_path
        fill_in "Email",    with: user.email
        fill_in "Password", with: user.password
        click_button "Sign in"
      end
    end

Edited portion of app/controllers/users_controller

def signed_in_user
  puts current_user
  unless signed_in?
    store_location
    redirect_to signin_url, notice: "Please sign in."
  end
end

Output from rspec spec/

╭─von at Vons-Mac in ~/dev/web/rails/sample_app on updating-users✘✘✘ using ‹ruby-2.1.0@railstutorial_4_0› 14-05-15 - 19:33:59
╰─○ rspec spec/
..
F
F
F
.
#<User:0x00000106b79240>
.
.
.
...................................................#<User:0x000001026f1370>
.#<User:0x00000106361850>
.#<User:0x00000106d7b688>
.#<User:0x0000010267df38>
#<User:0x00000106a77220>
.#<User:0x00000107abc9f0>
#<User:0x0000010607c748>
.#<User:0x0000010686cd68>
#<User:0x00000101610ec0>
#<User:0x000001036d47b0>
#<User:0x00000101e54730>
.#<User:0x00000107bdc858>
.#<User:0x0000010244a590>
.........#<User:0x00000106b81008>
.#<User:0x00000106331a60>
.#<User:0x0000010629b330>
.#<User:0x0000010a96cae8>
#<User:0x0000010a092b48>
.#<User:0x0000010a9f8160>
#<User:0x0000010a09b1f8>
.#<User:0x0000010a0f84e8>
#<User:0x0000010aa6f580>
.#<User:0x000001064eef88>
#<User:0x0000010ab82080>
.#<User:0x00000106535320>
#<User:0x000001065c83c8>
.#<User:0x0000010665a1d8>
#<User:0x0000010a17d300>
.

And then the same errors before that basically said the user wasn't signed in when they should've been.

Answer 1

Not sure if this is helpful 5 years later. But I realized like a year or 2 ago that the issue was this: I was returning the entire User record when I should've been returning a field. Thus, the failing test and resulting error.