devise_security_extension undefined method authenticate for nil:NilClass on Rspec Tests for Controller That Skips AuthenticationPosted: February 27, 2015 | Author: ThomasPowell | Filed under: daily learning | Tags: devise, extensions, rails | Leave a comment »
After installing the Devise Security Extension to add password expiration to my Devise models, I started getting the following error on an RSpec test for a controller that does not perform authentication of the user:
Failure/Error: get :index NoMethodError: undefined method `authenticate?' for nil:NilClass
After a bit of digging, I found that the helpers.rb in the gem includes an additional
before_filter that needs to be skipped:
module DeviseSecurityExtension module Controllers module Helpers extend ActiveSupport::Concern included do before_filter :handle_password_change end
So while I’m skipping
authenticate_user! in my controller, I still needed an additional:
Interestingly enough, the controller itself doesn’t break, just the tests. The downside is that I’m referencing two different Devise filters/actions just to not use them.
First of all, I hope that you’ve moved beyond MD5 hashes and hashing passwords by themselves, adding salts, etc., but I do recall systems in which an MD5 hash of a password by itself was “good enough”.
You can look up some md5 hashes on this md5 cracker page. I found many two word combinations that were crackable.
You can play with generating md5 hashes of questionable passwords (such as your name and p@ssw0rd) with this md5 Hash Generator