From cfedb495400c651fc88697a4c5747eee9668623d Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Fri, 5 Mar 2021 13:25:35 -0500 Subject: [PATCH 01/13] allows SymphonyClient to operate without the guests UserID and PIN --- app/controllers/application_controller.rb | 5 ++++- app/controllers/errors_controller.rb | 5 ++++- app/controllers/sessions_controller.rb | 4 ++++ app/services/symphony_client.rb | 22 +++++++++++++++++++--- config/initializers/warden.rb | 11 ++++++++--- 5 files changed, 39 insertions(+), 8 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4256e815..3d7ba38c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -26,7 +26,10 @@ def patron MAX_INACTIVE_TIME = 2.hours - 5.minutes def authenticate_webaccess - redirect_to Settings.symws.webaccess_url + request.base_url + # if we aren't given a REMOTE_USER variable we are unauthorized. + # this maybe should be a 401, however if apache is misconfigured + # there's no amount of retrying that will fix this for the guest + redirect_to '/500' unless request.env.fetch('HTTP_REMOTE_USER', nil) end def symphony_client diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb index d764b59a..af1b6c6a 100644 --- a/app/controllers/errors_controller.rb +++ b/app/controllers/errors_controller.rb @@ -1,7 +1,10 @@ # frozen_string_literal: true class ErrorsController < ApplicationController - before_action :authenticate_user! + # for users that are not able to auth, this before action was causing some heartache. + # perhaps there's a better way to do it. but for errors, i don't think it's unresonable to be + # unauthenticated + # before_action :authenticate_user! def not_found respond_to do |format| diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 90e6ef70..edf6e740 100644 --- a/app/controllers/sessions_controller.rb 
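Review bot: In `authenticate_webaccess` (patch 01, application_controller.rb) the identity check reads `HTTP_REMOTE_USER`, and the `HTTP_` prefix means Rack fills that key from a request header, so the value is only trustworthy if the Apache front end always overwrites or strips any client-supplied copy and the app server cannot be reached except through it. The same header becomes the login identity in `remote_user` in config/initializers/warden.rb later in this patch, and patch 04 makes the header name configurable without changing that dependency. I would record the requirement next to the check, e.g. `# SECURITY: this header must be set by the proxy only; the proxy has to strip any copy sent by the client`. Redirecting to `/500` also reports a missing identity as a server error, which the existing comment already questions; a 401 or 403 response would be easier to tell apart in monitoring.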
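Review bot: In the errors_controller.rb hunk, `# before_action :authenticate_user!` is left behind as commented-out code; I would delete the line and keep only the explanation, shortened to something like `# Error pages are intentionally served without authentication.` With the callback gone, the error templates should not read `current_user` or any patron data; those views are outside this diff, so this is worth confirming. The class body continues past the end of the hunk.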
+++ b/app/controllers/sessions_controller.rb @@ -17,6 +17,10 @@ def index return redirect_to original_fullpath if original_fullpath.present? redirect_to summaries_url + else + # if the symphony client returns no user we might want to redirect to a page that + # says that they don't have a record? + redirect_to '/500' end end diff --git a/app/services/symphony_client.rb b/app/services/symphony_client.rb index c1452352..14976a35 100644 --- a/app/services/symphony_client.rb +++ b/app/services/symphony_client.rb @@ -16,12 +16,28 @@ class SymphonyClient MAX_WAIT_TIME = 30 SAFE_PATRON_ADDRESS_FIELDS = [:email, :street1, :street2, :zip].freeze - def login(user_id, password) - response = request('/user/patron/login', method: :post, json: { + def get_patron_record(remote_user, session_token) + user = Hash.new + resp = authenticated_request("/user/patron/search", + headers: { 'x-sirs-sessionToken': session_token}, + params: { + q: "ALT_ID:#{remote_user.upcase}", + includeFields: '*' + }) + resp = JSON.parse(resp.body) + user['patronKey'] = resp['result'][0]['key'] + user['name'] = resp['result'][0]['displayName'] + user['sessionToken'] = session_token + end + + def login(user_id, password, remote_user=nil) + response = request('/user/staff/login', method: :post, json: { login: user_id, password: password }) - JSON.parse(response.body) + resp = JSON.parse(response.body) + session_token = resp['sessionToken'] + get_patron_record(remote_user, session_token) end # This method is for validating user session_token diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index b5931135..a6437efe 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb 
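Review bot: In `get_patron_record` (patch 01, symphony_client.rb) the header-derived `remote_user` is interpolated straight into the search expression `q: "ALT_ID:#{remote_user.upcase}"` and the first hit, `resp['result'][0]`, is accepted as the patron, so a value containing search-syntax characters could change what the query matches. I would reject anything that is not a plain ID before building the query, e.g. `return nil unless remote_user.to_s.match?(/\A[A-Za-z0-9]+\z/)` (adjust the pattern to the site's ID format), and treat more than one result as a failed lookup. The same guard also covers `login`'s default of `remote_user = nil`, which would otherwise raise NoMethodError on `.upcase`.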
@@ -2,15 +2,20 @@ Warden::Strategies.add(:library_id) do def valid? - params['user_id'].present? && params['password'].present? + remote_user + end + + def remote_user + request.env.fetch("HTTP_REMOTE_USER", false) end def authenticate! - response = SymphonyClient.new.login(params['user_id'], params['password']) + + response = SymphonyClient.new.login(Settings.symws.username, Settings.symws.pin, remote_user) if response['patronKey'] user = { - username: params['user_id'], + username: remote_user, name: response['name'], patron_key: response['patronKey'], session_token: response['sessionToken'] From db3bebd4ba84997f5f64a4246c43ecdc2d51257f Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Fri, 5 Mar 2021 13:36:54 -0500 Subject: [PATCH 02/13] returns user object --- app/services/symphony_client.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/services/symphony_client.rb b/app/services/symphony_client.rb index 14976a35..10cdba48 100644 --- a/app/services/symphony_client.rb +++ b/app/services/symphony_client.rb @@ -28,6 +28,7 @@ def get_patron_record(remote_user, session_token) user['patronKey'] = resp['result'][0]['key'] user['name'] = resp['result'][0]['displayName'] user['sessionToken'] = session_token + user end def login(user_id, password, remote_user=nil) From cabaee0790f936258c074915645b9d3e236d5679 Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Tue, 9 Mar 2021 16:47:37 -0500 Subject: [PATCH 03/13] allows for settings to be ENV variables --- config/settings.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/config/settings.yml b/config/settings.yml index 4ce60ce5..09051300 100644 --- a/config/settings.yml +++ b/config/settings.yml 
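Review bot: In patch 01's warden.rb hunk, `session_token: response['sessionToken']` now stores the token that `SymphonyClient#login` obtained from `/user/staff/login` with the service account, so every patron's Warden user hash carries a staff-level Symphony token instead of a patron one. Any later call made with it is authorized as staff, which means per-patron scoping has to be enforced by this application through `patron_key`. Whether the user hash is serialized into a client-side session is not visible here; if it is, keeping the staff token server-side and storing only the patron key would be safer. At minimum I would add `# NOTE: session_token is the service account's staff token, not a patron token` above the hash. `authenticate!` continues past the end of the hunk.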
@@ -1,18 +1,25 @@ maintenance_mode: false show_announcement: false +remote_user_header: <%= ENV.fetch("REMOTE_USER_HEADER") { "HTTP_REMOTE_USER"} %> announcement: icon: message: html_class: symws: webaccess_url: - url: - headers: {} + url: <%= ENV.fetch("SYMWS_URL") { nil } %> + username: <%= ENV.fetch("SYMWS_USERNAME") { nil } %> + pin: <%= ENV.fetch("SYMWS_PIN") { nil } %> + headers: + sd_originating_app_id: cs + x_sirs_clientID: PSUCATALOG + content_type: 'application/json' + accept: 'application/json' redis: sidekiq: - uri: redis://127.0.0.1:6379/1 + uri: <%= ENV.fetch("REDIS_SIDEKIQ_URI") { "redis://127.0.0.1:6379/1" } %> database: - uri: redis://127.0.0.1:6379/2 + uri: <%= ENV.fetch("REDIS_DATABASE_URI") { "redis://127.0.0.1:6379/2" } %> matomo_id: 11 pickup_locations: UP-PAT: 'Pattee Commons Services Desk' From 15245577bb4bac41296428e711e70f2f3d440c43 Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Tue, 9 Mar 2021 16:49:34 -0500 Subject: [PATCH 04/13] allows header to be configurable. --- app/controllers/application_controller.rb | 2 +- app/services/symphony_client.rb | 8 +++++--- config/initializers/warden.rb | 10 ++++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3d7ba38c..f9ea25d5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -29,7 +29,7 @@ def authenticate_webaccess # if we aren't given a REMOTE_USER variable we are unauthorized. # this maybe should be a 401, however if apache is misconfigured # there's no amount of retrying that will fix this for the guest - redirect_to '/500' unless request.env.fetch('HTTP_REMOTE_USER', nil) + redirect_to '/500' unless request.env.fetch(Settings.remote_user_header, nil) end def symphony_client diff --git a/app/services/symphony_client.rb b/app/services/symphony_client.rb index 10cdba48..df14d07a 100644 --- a/app/services/symphony_client.rb 
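Review bot: In the settings.yml hunk of patch 03, `url`, `username` and `pin` fall back to nil when `SYMWS_URL`, `SYMWS_USERNAME` or `SYMWS_PIN` are unset, so a deployment that is missing a credential boots normally and only fails at the first login attempt. For the production settings I would fail at load time by dropping the fallback block, e.g. `pin: <%= ENV.fetch("SYMWS_PIN") %>`, and keep the nil defaults only in development and test overrides. A short comment above `symws:` naming the required variables would also help operators.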
+++ b/app/services/symphony_client.rb @@ -24,9 +24,11 @@ def get_patron_record(remote_user, session_token) q: "ALT_ID:#{remote_user.upcase}", includeFields: '*' }) - resp = JSON.parse(resp.body) - user['patronKey'] = resp['result'][0]['key'] - user['name'] = resp['result'][0]['displayName'] + return nil unless resp.status == 200 + resp = JSON.parse(resp.body)['result'].first + return nil unless resp + user['patronKey'] = resp['key'] + user['fields'] = resp['fields'] user['sessionToken'] = session_token user end diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index a6437efe..b2af8c9c 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -6,17 +6,19 @@ def valid? end def remote_user - request.env.fetch("HTTP_REMOTE_USER", false) + user = request.env.fetch(Settings.remote_user_header, false) + user = user.split('@')[0] end def authenticate! - response = SymphonyClient.new.login(Settings.symws.username, Settings.symws.pin, remote_user) + response = SymphonyClient.new.login(Settings.symws.username, Settings.symws.pin, remote_user) || {} - if response['patronKey'] + + if response.fetch('patronKey', nil) user = { username: remote_user, - name: response['name'], + name: response['fields']['displayName'], patron_key: response['patronKey'], session_token: response['sessionToken'] } From 1bbf90d1cdf110677a07465689f21b25580813bf Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Tue, 9 Mar 2021 16:54:37 -0500 Subject: [PATCH 05/13] only split the remote user if it exsists --- config/initializers/warden.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index b2af8c9c..bbbe335e 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -7,7 +7,7 @@ def valid? def remote_user user = request.env.fetch(Settings.remote_user_header, false) - user = user.split('@')[0] + user = user.split('@')[0] if user end def authenticate! 
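Review bot: In patch 04's symphony_client.rb hunk, `JSON.parse(resp.body)['result'].first` raises NoMethodError when a 200 response has no `result` key, so the new `return nil unless resp` guard is never reached in that case. `Array(JSON.parse(resp.body)['result']).first` keeps the nil-return contract for that shape of response. `get_patron_record` starts above the hunk.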
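Review bot: In patch 04's warden.rb hunk, `user.split('@')[0]` discards whatever follows the `@` without checking it, so `id@any-domain` is treated the same as `id`. If the proxy can ever deliver a scoped identity from more than one realm, the domain part should be compared with the expected one before it is dropped; the expected value would need a new setting, which this diff does not define. Separately, `response['fields']['displayName']` raises when the record has no `fields`; `response.dig('fields', 'displayName')` avoids that. `authenticate!` continues past the end of the hunk.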
From 212bf72df906a2dab959ba6faeecd8850f1c439f Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Wed, 10 Mar 2021 08:50:48 -0500 Subject: [PATCH 06/13] niftany fixes --- .rubocop_todo.yml | 3 ++- app/controllers/application_controller.rb | 2 +- app/controllers/sessions_controller.rb | 2 +- app/services/symphony_client.rb | 8 +++++--- config/initializers/warden.rb | 5 ++--- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 27f91365..5de2f621 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -9,7 +9,8 @@ # Offense count: 2 # Configuration parameters: CountComments. Metrics/ClassLength: - Max: 258 + # TODO change only for SymphonyClient, or refactor SymphonyClient + Max: 280 # Offense count: 25 RSpec/NestedGroups: diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f9ea25d5..3659349e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -26,7 +26,7 @@ def patron MAX_INACTIVE_TIME = 2.hours - 5.minutes def authenticate_webaccess - # if we aren't given a REMOTE_USER variable we are unauthorized. + # if we aren't given a REMOTE_USER variable we are unauthorized. # this maybe should be a 401, however if apache is misconfigured # there's no amount of retrying that will fix this for the guest redirect_to '/500' unless request.env.fetch(Settings.remote_user_header, nil) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index edf6e740..11892a9f 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -18,7 +18,7 @@ def index redirect_to summaries_url else - # if the symphony client returns no user we might want to redirect to a page that + # if the symphony client returns no user we might want to redirect to a page that # says that they don't have a record? redirect_to '/500' end 
diff --git a/app/services/symphony_client.rb b/app/services/symphony_client.rb index df14d07a..c023dce2 100644 --- a/app/services/symphony_client.rb +++ b/app/services/symphony_client.rb @@ -18,22 +18,24 @@ class SymphonyClient def get_patron_record(remote_user, session_token) user = Hash.new - resp = authenticated_request("/user/patron/search", - headers: { 'x-sirs-sessionToken': session_token}, + resp = authenticated_request('/user/patron/search', + headers: { 'x-sirs-sessionToken': session_token }, params: { q: "ALT_ID:#{remote_user.upcase}", includeFields: '*' }) return nil unless resp.status == 200 + resp = JSON.parse(resp.body)['result'].first return nil unless resp + user['patronKey'] = resp['key'] user['fields'] = resp['fields'] user['sessionToken'] = session_token user end - def login(user_id, password, remote_user=nil) + def login(user_id, password, remote_user = nil) response = request('/user/staff/login', method: :post, json: { login: user_id, password: password diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index bbbe335e..4dcd0740 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -6,15 +6,14 @@ def valid? end def remote_user - user = request.env.fetch(Settings.remote_user_header, false) + user = request.env.fetch(Settings.remote_user_header, false) user = user.split('@')[0] if user + user end def authenticate! - response = SymphonyClient.new.login(Settings.symws.username, Settings.symws.pin, remote_user) || {} - if response.fetch('patronKey', nil) user = { username: remote_user, From c2ddd718203e73b5897a681812ee056ad0917e41 Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Mon, 5 Apr 2021 11:11:15 -0400 Subject: [PATCH 07/13] quote pin --- config/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/settings.yml b/config/settings.yml index 09051300..656ef3e8 100644 --- a/config/settings.yml +++ b/config/settings.yml 
@@ -9,7 +9,7 @@ symws: webaccess_url: url: <%= ENV.fetch("SYMWS_URL") { nil } %> username: <%= ENV.fetch("SYMWS_USERNAME") { nil } %> - pin: <%= ENV.fetch("SYMWS_PIN") { nil } %> + pin: "<%= ENV.fetch("SYMWS_PIN") { nil } %>" headers: sd_originating_app_id: cs x_sirs_clientID: PSUCATALOG From 559ea802418f125e43264e66ae13eeccfbc19093 Mon Sep 17 00:00:00 2001 From: Banu Hapeloglu Kutlu Date: Tue, 6 Apr 2021 15:47:38 -0500 Subject: [PATCH 08/13] get_patron_record set as private, update specs for changed auth (#368) --- app/services/symphony_client.rb | 39 ++++++++++++++------------- config/settings/test.yml | 3 ++- spec/requests/errors_spec.rb | 2 +- spec/services/symphony_client_spec.rb | 12 ++++++--- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/app/services/symphony_client.rb b/app/services/symphony_client.rb index c023dce2..28bb4242 100644 --- a/app/services/symphony_client.rb +++ b/app/services/symphony_client.rb @@ -16,25 +16,6 @@ class SymphonyClient MAX_WAIT_TIME = 30 SAFE_PATRON_ADDRESS_FIELDS = [:email, :street1, :street2, :zip].freeze - def get_patron_record(remote_user, session_token) - user = Hash.new - resp = authenticated_request('/user/patron/search', - headers: { 'x-sirs-sessionToken': session_token }, - params: { - q: "ALT_ID:#{remote_user.upcase}", - includeFields: '*' - }) - return nil unless resp.status == 200 - - resp = JSON.parse(resp.body)['result'].first - return nil unless resp - - user['patronKey'] = resp['key'] - user['fields'] = resp['fields'] - user['sessionToken'] = session_token - user - end - def login(user_id, password, remote_user = nil) response = request('/user/staff/login', method: :post, json: { login: user_id, 
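Review bot: In patch 07's settings.yml hunk, wrapping the ERB output in literal double quotes presumably stops an all-digit PIN from being parsed as a number, but a PIN containing `"` or `\` would now break or alter the YAML scalar, and an unset variable becomes an empty string instead of null. Letting Ruby emit the quoted scalar handles both cases, e.g. `pin: <%= ENV.fetch("SYMWS_PIN", "").to_json %>`. If an empty PIN should be rejected rather than sent to Symphony, that check belongs in the login path, which is not part of this hunk.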
@@ -215,6 +196,26 @@ def get_all_locations private + def get_patron_record(remote_user, session_token) + user = Hash.new + + response = authenticated_request('/user/patron/search', + headers: { 'x-sirs-sessionToken': session_token }, + params: { + q: "ALT_ID:#{remote_user.upcase}", + includeFields: '*' + }) + return nil unless response.status == 200 + + parsed_response = JSON.parse(response.body)['result'].first + return nil unless parsed_response + + user['patronKey'] = parsed_response['key'] + user['fields'] = parsed_response['fields'] + user['sessionToken'] = session_token + user + end + def patron_address(params) params.permit(SAFE_PATRON_ADDRESS_FIELDS) .to_h diff --git a/config/settings/test.yml b/config/settings/test.yml index a98670a8..c1902340 100644 --- a/config/settings/test.yml +++ b/config/settings/test.yml @@ -6,4 +6,5 @@ symws: login_params: login: 'fake_user' password: 'some_password' - patron_key: 'some_patron_key' \ No newline at end of file + patron_key: 'some_patron_key' + remote_user: 'remote_user' \ No newline at end of file diff --git a/spec/requests/errors_spec.rb b/spec/requests/errors_spec.rb index 22617ec4..1c891a37 100644 --- a/spec/requests/errors_spec.rb +++ b/spec/requests/errors_spec.rb @@ -7,7 +7,7 @@ it 'goes to the application root' do get '/bad_route' - expect(response).to redirect_to root_url + expect(response).to have_http_status(:not_found) end end diff --git a/spec/services/symphony_client_spec.rb b/spec/services/symphony_client_spec.rb index 850544f9..bcd96a78 100644 --- a/spec/services/symphony_client_spec.rb +++ b/spec/services/symphony_client_spec.rb 
@@ -19,14 +19,20 @@ describe '#login' do before do - stub_request(:post, "#{Settings.symws.url}/user/patron/login") + stub_request(:post, "#{Settings.symws.url}/user/staff/login") .with(body: Settings.symws.login_params.to_h, headers: Settings.symws.headers) - .to_return(body: { patronKey: Settings.symws.patron_key }.to_json) + .to_return(body: { sessionToken: user.session_token }.to_json) + + stub_request(:get, "#{Settings.symws.url}/user/patron/search") + .with(headers: Settings.symws.headers.to_h.merge('X-Sirs-Sessiontoken': 'e0b5e1a3e86a399112b9eb893daeacfd'), + query: hash_including(includeFields: '*')) + .to_return(status: 200, + body: { result: [{ key: Settings.symws.patron_key, fields: '' }] }.to_json) end it 'logs the user in to symphony' do - expect(client.login('fake_user', 'some_password')).to include 'patronKey' => 'some_patron_key' + expect(client.login('fake_user', 'some_password', 'remote_user')).to include 'patronKey' => 'some_patron_key' end end From 6d789636078736f546f5e4baa49c68095a36a473 Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Thu, 6 May 2021 21:19:33 -0400 Subject: [PATCH 09/13] wip. masquerade support --- app/controllers/sessions_controller.rb | 2 +- app/views/sessions/destroy.html.erb | 4 ++++ config/initializers/warden.rb | 5 +++++ config/settings.yml | 2 ++ 4 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 app/views/sessions/destroy.html.erb diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 11892a9f..1d46c0b7 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -30,6 +30,6 @@ def index def destroy request.env['warden'].logout - redirect_to root_url + return 'thanks for stopping by' end end diff --git a/app/views/sessions/destroy.html.erb b/app/views/sessions/destroy.html.erb new file mode 100644 index 00000000..c808c77a --- /dev/null +++ b/app/views/sessions/destroy.html.erb @@ -0,0 +1,4 @@ + +
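Review bot: In patch 08's symphony_client_spec.rb hunk, the `/user/patron/search` stub only pins `includeFields`, so the example would still pass if `login` ignored its `remote_user` argument or built the wrong `ALT_ID` expression. I would pin the query as well, `query: hash_including(q: 'ALT_ID:REMOTE_USER', includeFields: '*')`, and use `user.session_token` in the header matcher instead of the hard-coded token so the two stubs cannot drift apart. Examples for a non-200 search response and an empty `result` array, both expecting `nil`, would cover the new early returns.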
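Review bot: In patch 09's sessions_controller.rb hunk, `destroy` only clears the Warden session, and because the `:library_id` strategy treats any request that carries the remote-user header as valid, the next request to a protected page will sign the same person back in. Logout therefore does not end access on a shared machine unless the proxy or SSO session is ended too; whether that happens elsewhere is not visible in this diff. I would have the logout page send the browser to the SSO logout endpoint, or at least add `# NOTE: this does not end the upstream SSO session; the proxy header will re-authenticate the next request` above the action.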

Logout

+ +

thanks for stopping by

\ No newline at end of file diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index 4dcd0740..f0fb9bed 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -8,6 +8,11 @@ def valid? def remote_user user = request.env.fetch(Settings.remote_user_header, false) user = user.split('@')[0] if user + + if request.params['masquerade'] and Settings.admin_users.include?(user) + user = request.params['masquerade'] + end + user end diff --git a/config/settings.yml b/config/settings.yml index 656ef3e8..443f2fd5 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -1,6 +1,8 @@ maintenance_mode: false show_announcement: false remote_user_header: <%= ENV.fetch("REMOTE_USER_HEADER") { "HTTP_REMOTE_USER"} %> +# list of users that can masqurade as other users +admin_users: [] announcement: icon: message: From dcd676b56400aee3671feb9e23c0e50bf540bbea Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Thu, 6 May 2021 21:21:57 -0400 Subject: [PATCH 10/13] masquerade support --- config/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/settings.yml b/config/settings.yml index 443f2fd5..fa9169d6 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -1,7 +1,7 @@ maintenance_mode: false show_announcement: false remote_user_header: <%= ENV.fetch("REMOTE_USER_HEADER") { "HTTP_REMOTE_USER"} %> -# list of users that can masqurade as other users +# list of users that can masquerade as other users admin_users: [] announcement: icon: From 656acb97bf627dcc75f18bf2f54fd704877b1eba Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Fri, 7 May 2021 08:10:13 -0400 Subject: [PATCH 11/13] linting --- app/controllers/sessions_controller.rb | 1 - config/initializers/warden.rb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1d46c0b7..4f86eb4d 100644 --- a/app/controllers/sessions_controller.rb 
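Review bot: The masquerade branch added to `remote_user` in patch 09's warden.rb hunk switches identity from a request parameter with no audit trail: once `user` is reassigned, the session's `username` and the Symphony lookup carry the target ID and nothing records which administrator acted. Because the parameter is read on any request that reaches the strategy, an administrator's browser following a link that carries `masquerade` would switch accounts without an explicit action, so I would accept it only on a dedicated, CSRF-protected POST route. At minimum log both identities before the reassignment, e.g. `Rails.logger.warn("masquerade admin=#{user.inspect} target=#{request.params['masquerade'].inspect}")`. The `admin_users` comparison is also case-sensitive while the patron lookup upcases the ID, so list entries must match the header's casing exactly.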
+++ b/app/controllers/sessions_controller.rb @@ -30,6 +30,5 @@ def index def destroy request.env['warden'].logout - return 'thanks for stopping by' end end diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index f0fb9bed..4c79cf90 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -9,7 +9,7 @@ def remote_user user = request.env.fetch(Settings.remote_user_header, false) user = user.split('@')[0] if user - if request.params['masquerade'] and Settings.admin_users.include?(user) + if request.params['masquerade'] && Settings.admin_users.include?(user) user = request.params['masquerade'] end From 44f81b6e6ed7ac39f006de14363639060e32ed20 Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Fri, 7 May 2021 08:18:18 -0400 Subject: [PATCH 12/13] linting --- app/controllers/sessions_controller.rb | 1 - app/views/sessions/destroy.html.erb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 4f86eb4d..370a64d9 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -29,6 +29,5 @@ def index # GET /logout def destroy request.env['warden'].logout - end end diff --git a/app/views/sessions/destroy.html.erb b/app/views/sessions/destroy.html.erb index c808c77a..1f234f5e 100644 --- a/app/views/sessions/destroy.html.erb +++ b/app/views/sessions/destroy.html.erb @@ -1,4 +1,4 @@

Logout

-

thanks for stopping by

\ No newline at end of file +

thanks for stopping by

From 644a46be46612336ed3c36cbaaa163a72e887faa Mon Sep 17 00:00:00 2001 From: whereismyjetpack Date: Fri, 7 May 2021 08:26:22 -0400 Subject: [PATCH 13/13] updates spec to expect the destroy render --- spec/controllers/sessions_controller_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index bcd408a9..4104cf0b 100644 --- a/spec/controllers/sessions_controller_spec.rb +++ b/spec/controllers/sessions_controller_spec.rb @@ -42,7 +42,7 @@ end it 'redirects to the root' do - expect(get(:destroy)).to redirect_to root_url + expect(get(:destroy)).to render_template 'destroy' end end end
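Review bot: The example description in patch 13's sessions_controller_spec.rb hunk still reads `it 'redirects to the root' do` although the expectation is now `render_template 'destroy'`, so a failure would report the wrong behaviour. Renaming it to `it 'renders the logout page' do` keeps the spec output accurate. The enclosing `describe` block starts above the hunk.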