Testing HTTP Basic Authentication

casper_the_ghost · December 24, 2007, 3:37am

I’m using the new 2.0 HTTP Basic Authentication module mentioned in
the announcement, and having trouble figuring out how to write a
functional tests that will do both positive and negative tests.

The framework documentation has the following snippet:

<>
In your integration tests, you can do something like this:

def test_access_granted_from_xml
get(
“/notes/1.xml”, nil,
:authorization =>
ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name,
users(:dhh).password)
)

assert_equal 200, status

end
<>

Looking at the code for the test_process implementation of get, the
parameters are: action, parameters = nil, session = nil, flash = nil.

That :authorization hash would actually be part of the session, not
the headers. I looked around and couldn’t figure out how to set
headers in a test context.

I’d like to add tests to make sure that those sections that require
authentication are guarded and that entering the wrong account/
password fails.

Any suggestions?

casper_the_ghost · December 24, 2007, 8:07am

Here is the testing code:

class Admin::EventsControllerTest < Test::Unit::TestCase
fixtures :categories

def setup
@controller = Admin::EventsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
end

def login_as_admin
@request.env[‘HTTP_AUTHORIZATION’] =
ActionController::HttpAuthentication::Basic.encode_credentials(“admin”,
“password”)
end

def test_all_pages_for_admin_is_protected
[:index, :edit, :show, :create, :update, :destroy].each do |actione|
get actione
assert_response :unauthorized
end
end

def test_index_page_loads_upon_successful_login
login_as_admin

get :index, :id => categories(:all).id

assert_response :success
assert_template 'index'
assert assigns(:events)

end
end

On Dec 23, 2007 6:36 PM, [email protected] [email protected]
wrote:

I’m using the new 2.0 HTTP Basic Authentication module mentioned in
the announcement, and having trouble figuring out how to write a
functional tests that will do both positive and negative tests.

–
http://www.rubyplus.org/
Free Ruby Screencasts

casper_the_ghost · December 24, 2007, 8:47am

Ahh, that makes sense.

The key part being:

@request.env[‘HTTP_AUTHORIZATION’] =
ActionController::HttpAuthentication::Basic.encode_credentials(“admin”,
“password”)

Thanks!