Not sure but maybe you need to include the ActionDispatch::Flash middleware to support the flash. Using: config.middleware.use ActionDispatch::Flash The docs says: ActionDispatch::Flash: Supports the flash mechanism in ActionController. I hope it helps
Indeed, the RSpec team officially states controller specs are now obsolete. http://rspec.info/blog/2016/07/rspec-3-5-has-been-released/ For new Rails apps: we don’t recommend adding the rails-controller-testing gem to your application. The official recommendation of the Rails team and the RSpec core team is to write request specs instead. Request specs allow you to focus on a single controller action, … Read more
The important point, from a security perspective, is to exchange the user’s email and password for a token once, and then use that token for subsequent requests. This is because: You don’t want the client app to be responsible for holding onto the user’s password, where a bug or attack could cause it to be … Read more
token_authenticatable is vulnerable to timing attacks, which are very well explained in this blog post. These attacks were the reason token_authenticatable was removed from Devise 3.1. See the plataformatec blog post for more info. To have the most secure token authentication mechanism, the token: Must be sent via HTTPS. Must be random, of cryptographic strength. … Read more