From 280c9dea73d8b14f154cb1f207d44538649b0cbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20G=C3=BCnther?= Date: Fri, 17 Apr 2026 09:50:38 +0200 Subject: [PATCH 1/2] Do not stub RequestStore in feature spec --- spec/support/authentication_helpers.rb | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/spec/support/authentication_helpers.rb b/spec/support/authentication_helpers.rb index 855dc0a13d35..e5af90c208fc 100644 --- a/spec/support/authentication_helpers.rb +++ b/spec/support/authentication_helpers.rb @@ -37,10 +37,10 @@ def self.included(base) def login_as(user) if is_a?(RSpec::Rails::FeatureExampleGroup) - # If we want to mock having finished the login process - # we must set the user_id in rack.session accordingly - # Otherwise e.g. calls to Warden will behave unexpectantly - # as they will login AnonymousUser + # Set the session so the browser sends it with every subsequent request. + # User.current is then established through the normal controller auth flow + # (ApplicationController#user_setup -> find_current_user -> session[:user_id]). + # We intentionally do not stub RequestStore here to use the normal mechanism. if using_cuprite? && js_enabled? page.driver.set_cookie( OpenProject::Configuration["session_cookie_name"], @@ -49,10 +49,12 @@ def login_as(user) else page.set_rack_session(session_value_for(user)) end + else + # For non-feature specs (controller/request specs) there is no session to stub + # so we stub RequestStore directly on User.current + allow(RequestStore).to receive(:[]).and_call_original + allow(RequestStore).to receive(:[]).with(:current_user).and_return(user) end - - allow(RequestStore).to receive(:[]).and_call_original - allow(RequestStore).to receive(:[]).with(:current_user).and_return(user) end def login_with(login, password, autologin: false, visit_signin_path: true) From bb6585936b510571d7f968f29329f5b3555349aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20G=C3=BCnther?= Date: Fri, 17 Apr 2026 10:18:39 +0200 Subject: [PATCH 2/2] Actually create a session for the user --- spec/support/authentication_helpers.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/support/authentication_helpers.rb b/spec/support/authentication_helpers.rb index e5af90c208fc..225b44da728c 100644 --- a/spec/support/authentication_helpers.rb +++ b/spec/support/authentication_helpers.rb @@ -42,9 +42,10 @@ def login_as(user) # (ApplicationController#user_setup -> find_current_user -> session[:user_id]). # We intentionally do not stub RequestStore here to use the normal mechanism. if using_cuprite? && js_enabled? + session = create(:user_session, user:) page.driver.set_cookie( OpenProject::Configuration["session_cookie_name"], - session_value_for(user).to_s + session.session_id ) else page.set_rack_session(session_value_for(user))