Shopify session controller & specs

routes.rb

resource  :shopify_session, only: [:new, :create, :destroy]

shopify_session_controller.rb

class ShopifySessionsController < ApplicationController
  skip_authorization_check
  
  def new
    return unless params[:shop].present?
    
    @session = ShopifyAPI::Session.new(params[:shop], params[:t], params)
    
    respond_to do |format|
      if @session.valid?
        session[:shopify] = @session
        
        return_address = session[:return_to] || root_path
        session.delete :return_to
        
        format.html { redirect_to return_address }
      else
        flash.now.alert = "Shopify authentication failed."
        format.html { render action: "new" }
      end
    end
  end
  
  def create
    @session = ShopifyAPI::Session.new(params[:shop][:domain])
    permission_url = @session.create_permission_url
    
    respond_to do |format|
      format.html { redirect_to permission_url }
    end
  end
  
  def destroy
    if session[:shopify]
      session.delete :shopify
      redirect_to new_shopify_session_path, :notice => 'Successfully logged out of Shopify store.'
    else
      redirect_to new_shopify_session_path, :alert => 'You are not signed in.'
    end
  end
  
end

shopify_sessions_controller_spec.rb

require 'spec_helper'

describe ShopifySessionsController do
  
  def valid_attributes
    {
      :domain => Faker::Internet.url,
      :name   => Faker::Company.name,
      :token  => SecureRandom.hex(16)
    }
  end
  
  describe "GET new" do
    context "when shop param is not present" do
      subject { get :new }
      it { should be_success }
    end
    
    context "when shop param is present" do
      before(:each) do
        @domain   = Faker::Internet.url
        @token    = SecureRandom.hex(16)
        @session  = ShopifyAPI::Session.new(@domain, @token)
        ShopifyAPI::Session.should_receive(:new).and_return(@session)
      end
      
      context "with a valid domain" do
        before do
          @session.should_receive(:valid?).and_return(true)
        end
        
        it "should store the session" do
          get :new, shop: @domain, t: @token
          request.session[:shopify].should eq assigns(:session)
        end
        
        it "should redirect to return_to and reset it" do
          @return_path = "return/path"
          request.session[:return_to] = @return_path
          get :new, shop: @domain, t: @token
          request.session[:return_to].should be_nil
          response.should redirect_to @return_path
        end
      end
      
      context "with an invalid domain" do
        before do
          @session.should_receive(:valid?).and_return(false)
        end
        
        it "should render the new template" do
          get :new, shop: "bad domain", t: "bad token"
          response.should render_template "new"
        end
        
        it "should set the :alert flash" do
          get :new, shop: "bad domain", t: "bad token"
          flash.alert.should_not be_nil
        end
      end
    end
  end
  
  describe "POST create" do
    before do
      @permission_url = "permission/url"
      ShopifyAPI::Session.any_instance.should_receive(:create_permission_url).and_return(@permission_url)
    end
    
    it "should assign a new session to @session" do
      post :create, shop: valid_attributes
      assigns(:session).should be_a ShopifyAPI::Session
    end
    
    it "should redirect to the permission url" do
      post :create, shop: valid_attributes
      response.should redirect_to @permission_url
    end
  end
  
  describe "DELETE destroy" do
    context "when logged in" do
      before do
        @domain = Faker::Internet.url
        @token  = SecureRandom.hex(16)
        request.session[:shopify] = ShopifyAPI::Session.new(@domain, @token)
      end
      
      it "should delete :shopify from session" do
        delete :destroy
        request.session[:shopify].should be_nil
      end
      
      it "should redirect to new shopify session path" do
        delete :destroy
        request.should redirect_to new_shopify_session_path
      end
      
      it "should set flash notice" do
        delete :destroy
        flash[:notice].should_not be_nil
      end
    end
    
    context "when not logged in" do
      before do
        request.session[:foo] = :bar
      end
      
      it "should redirect to new shopify session path" do
        delete :destroy
        request.should redirect_to new_shopify_session_path
      end
      
      it "should set flash alert" do
        delete :destroy
        flash[:alert].should_not be_nil
      end
    end
  end
  
end

shopify_sessions_routing_spec.rb

require 'spec_helper'

describe ShopifySessionsController do
  
  describe :routing do
    describe "POST create" do
      subject { post "/shopify_session" }
      it "should route to #create" do
        should route_to "shopify_sessions#create"
      end
    end
    
    describe "GET new" do
      subject { get "/shopify_session/new" }
      it "should route to #new" do
        should route_to "shopify_sessions#new"
      end
    end
    
    describe "DELETE destroy" do
      subject { delete "/shopify_session" }
      it "should route to #destroy" do
        should route_to "shopify_sessions#destroy"
      end
    end
  end
  
end

I forgot to add the form:

# app/views/shopify_sessions/new.html.slim
= semantic_form_for @shop, url: shopify_session_path do |f|
  = f.inputs do
    = f.input :domain, label: "Your store's URL or .myshopify.com domain"
  = f.buttons do
    = f.commit_button "Login / Install"