Functional testing with form_authenticity_token

hello,

I am building a page that has many ajax calls on the page, so when I
moved to rails 2.0, I, of course, noticed that my ajax calls stopped
working. After some research, I came up with the following solution.

I create a

<%= form_authenticity_token
%>
at the bottom of my document, so that I could easily grab the
value with javascript and include it in my ajax calls This worked
great, btw.

The problem comes when I am trying to write functional tests for the
these pages. For example, the following code:

def test_view_not_logged_in
get :view, :id => users(:quentin).id
assert_response :success
end

Creates the following error:

ActionView::TemplateError: No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).
On line #39 of account/_signup_form.rhtml

36:   </div>
37:   <a href="javascript:showNewImage()">Try a different image </

a>
38: <% end -%>
39:

<%=
form_authenticity_token %>

I am using the Cookie Session Store in my development and production
environements. Is there any difference in the test environment? I
could add the :secret when I do testing, but that is pretty
cumbersome.

thanks in advance for any help!

Greg

Hi,

Unfortunately I also came into this bug so I created a patch and
submitted it to lighthouse:
http://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/242-patch-fixing-form_authenticity_token-in-the-test-environment

It doesn’t merge correctly into 2.0.1, only edge.

Tiago M.

Following up on my own post…

I guess that I need to make sure that forgery is turned on:

<% if protect_against_forgery? %>

<%= form_authenticity_token %>
<% end %>

The test environment turns it off.