Testing with login engine: Best practices?

sross · November 28, 2005, 2:49am

IÂ¹m using the login engine, but when it got to retesting, I noodled over
how
to get logged in before my tests for protected pages. What I settled on:

test_helper.rb

def get_logged_in
@request.session[:user] = User.find_first
assert_not_nil @request.session[:user]
@request.session[:user].logged_in_at = Time.now
@request.session[:user].save
end

Then in my tests, each method protected by login calls get_logged_in.
Questions: 1) Is this flawed? 2) Is there a better way to handle this?

Thanks

sross · November 28, 2005, 9:28am

If you’re testing, you don’t need to updated the logged_in_at field…

Another option, if you don’t actually want to test the security but
instead focus on the behaviour of your own controllers, is to disabled
the filter when testing. In
RAILS_ROOT/test/functional/your_controller_test.rb:

class YourController;
# we don’t want to test authorization here
skip_before_filter :authorize_action

# Raise errors beyond the default web-based presentation
def rescue_action(e) raise e end;

end

class RoleControllerTest < Test::Unit::TestCase

fixtures ...
def setup()
  ...
  # put a user into the session if your actions will expect one
  @request.session[:user] = User.find...(whatever)
end

 ....

end

james