What about your models? They are important too, and fortunately these libraries handle most of the model work in the background for you. There are still things you can test though! The main thing that come to mind are ensuring that you only load the devise modules that you want. For devise_token_auth, you also want to ensure you load the model concern.
Let's say that you're only using the Database Authenticateable and Registerable modules. With Devise, your model might look something like this:
class User < ActiveRecord::Base devise :database_authenticatable, :registerable end
Devise provides a method called devise_modules that returns an array of symbols representing the modules that you include. With this, you can easily test that you're using only these two modules by doing this:
// spec/models/user_spec.rb // using RSpec and FactoryGirl for testing RSpec.describe User do it 'has the right devise modules loaded' do user = FactoryGirl.build(:user) expect(user.devise_modules).to eq([:database_authenticatable, :registerable]) end end
What if there was a business requirement that Omniauth was not available? Well, you can test that easily too:
it 'does not load the Omniauth module' do user = FactoryGirl.build(:user) expect(user.devise_modules.include?(:omniauthable)).to be_falsey end
With devise_token_auth, you also include a concern to add extra methods to User that are used internally. How can you test this? Easily!
it 'loads the DeviseTokenAuth concern' do expect(User.ancestors.include?(DeviseTokenAuth::Concerns::User)).to be_truthy end
With these tests, you can be sure that your model includes everything from Devise that you're expecting it too. This is great insurance for when you decide to refactor your model 6 months from now. It makes your assumptions clear, ensures that any changes are explicit, and allows you to test your user model is using Devise without having to run your expensive feature specs.