Forum: RSpec post authentication token

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
07dd367bcc4ae602d640ec8c1b280df6?d=identicon&s=25 Mark Thomson (Guest)
on 2008-10-07 04:01
(Received via mailing list)
Hi, I have a simple story that involves the user clicking a button and a
new page being rendered. Seems like a simple situation, but it's testing
my limited knowledge. The problem I have is my response test is failing,
and I'm guessing it's because the button click is meant to submit a post
request with an authentication token, which would therefore have to be
included in the post call in my scenario's "when" step. My question is
how do I go about determining the required value of the
authentication_token? Or am I just really confused?

Mark.
Cdf378de2284d8acf137122e541caa28?d=identicon&s=25 Matt Wynne (mattwynne)
on 2008-10-07 09:45
(Received via mailing list)
This is actually a pretty tough problem for a newbie, and sent me
reeling away from the story runner with my gumption in tatters the
first time I tried it.

You could probably figure out how to post an authentication token in
the HTTP headers if you use the basic underlying rails integration
session method post(), but you may be better off just walking through
the steps a real user would carry out in order to log in:

Given /logged in/ do
  visits "/login"
  fills_in :username, "Matt"
  fills_in :password, "secret"
  presses_button
end

This is what we do, and though instinctively it feels a little bit
slow and clunky to do this at the top of every scenario that requires
the user to be authenticated, in practice it's working fine for us,
and I actually find it rather nice to know you're only vaguely coupled
to the implementation.

Note that these steps above use the 'webrat' library which is the de-
facto way to talk to your rails app from feature steps.
07dd367bcc4ae602d640ec8c1b280df6?d=identicon&s=25 Mark Thomson (Guest)
on 2008-10-07 15:15
(Received via mailing list)
Hmm, thanks. Still not sure if I'm diagnosing my problem correctly. Just
to be clear, I don't have any user authentication going on, just a
regular Rails button_to call. I tried installing webrat and put "visits
'/' " in my "given" step and "clicks_button" in my "when" step. However
I get an error from my_story.rb - "No such file or directory - open
tmp/webrat-12233801950.html.

Presumably my issue would also apply in posting a form in a regular
Rails integration test. The example on pp207-208 of AWDR  doesn't
suggest that anything needs to be done in a post call to achieve session
authentication. And I see here -
http://api.rubyonrails.org/classes/ActionControlle...
that forgery protection is actually turned off in testing - which I've
confirmed in my config/environments/test.rb. So maybe I have some other
problem causing my response test to fail. Any other suggestions would be
appreciated.

Mark.
F86901feca747abbb5c6c020362ef2e7?d=identicon&s=25 Zach Dennis (zdennis)
on 2008-10-07 15:19
(Received via mailing list)
On Tue, Oct 7, 2008 at 8:36 AM, Mark Thomson <mark.thomson@ieee.org>
wrote:
> And I see here -
> 
http://api.rubyonrails.org/classes/ActionControlle...
> that forgery protection is actually turned off in testing - which I've
> confirmed in my config/environments/test.rb. So maybe I have some other
> problem causing my response test to fail. Any other suggestions would be
> appreciated.
>

Have you looked at your log/test.log file to see if there are any
exceptions being thrown? Or at least to see what is being rendered,
perhaps you're hitting a path you don't intend.

--
Zach Dennis
http://www.continuousthinking.com
http://www.mutuallyhuman.com
Cdf378de2284d8acf137122e541caa28?d=identicon&s=25 Matt Wynne (mattwynne)
on 2008-10-07 15:21
(Received via mailing list)
Another tip is to use script/console and walk the app manually.

In script/console you get an app object which is the context that your
story steps / integration tests run in.

e.g.
$script/console
Loading rails blah blah blah
 >> app.post "/login", :username => "matt", :password => "secret"
 >> puts app.response.body
 >> app.visits "/hello"

etc.

Often quite handy for having an explore when you can't figure out how
to drive something from a test.
07dd367bcc4ae602d640ec8c1b280df6?d=identicon&s=25 Mark Thomson (Guest)
on 2008-10-07 17:32
(Received via mailing list)
Hey thanks Zach. That was a good suggestion. What the log file showed me
was that I had a nil object being accessed in my "new" action - and the
reason is that it's an object that in my development code is read from a
table of global variables in my db. I create that table, including the
values of the global variable, in a migration. However, this doesn't
exist in my test db. So I did a <Model>.create in my "given" step to
instantiate the global variable and I'm now all good.

Mark.
F86901feca747abbb5c6c020362ef2e7?d=identicon&s=25 Zach Dennis (zdennis)
on 2008-10-07 20:26
(Received via mailing list)
You may want to look into using seed data. I currently use seed_fu by
mbleigh:
    http://github.com/mbleigh/seed-fu/tree/master

Here's the snippet I use to load them:

  ActiveRecord::Base.establish_connection(ActiveRecord::Base.configurations['test'])
  ActiveRecord::Schema.verbose = false
  load "#{RAILS_ROOT}/db/schema.rb"
  Dir[File.join(RAILS_ROOT, "features/fixtures", '*.rb')].sort.each {
|fixture| load fixture }

I do this rather than a rake task because that takes forever (thx
Brandon Keepers for correcting my usage, you have saved me tons of
minutes)

Zach


On Tue, Oct 7, 2008 at 11:23 AM, Mark Thomson <mark.thomson@ieee.org>
wrote:
>
>>> Rails button_to call. I tried installing webrat and put "visits '/' " in
>>> And I see here -
>> exceptions being thrown? Or at least to see what is being rendered,
>> perhaps you're hitting a path you don't intend.
>>
>>
>
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
>



--
Zach Dennis
http://www.continuousthinking.com
http://www.mutuallyhuman.com
07dd367bcc4ae602d640ec8c1b280df6?d=identicon&s=25 Mark Thomson (Guest)
on 2008-10-07 20:45
(Received via mailing list)
Nice. Thanks. I had wondered if there was a way to separate the data
initialization from the step definitions. Looks like that's what this
does.
This topic is locked and can not be replied to.