Forum: RSpec Tests that require a logged in user / session cookie

A881776ee6b783550a65c74fa5c1a286?d=identicon&s=25 Matthias Siegel (Guest)
on 2011-08-25 03:14
(Received via mailing list)
Hi,

I'm fairly new to RSpec with Rails and I'm trying to work out how I can
write request specs for resources that require a logged in user.

I can't get this one to pass:


describe "GET /admin/account" do

  it "should have a 200 status code when logged in" do
    post "/login", { :email => @user.email, :password => @user.password
}
    response.should redirect_to("/admin")
    response.code.should eq("302")
    get "/admin/account"
    response.code.should eq("200")
  end

end


The login post part works fine and the session gets created correctly in
the login method, but then the test fails at 'get "/admin/account"'
because the session suddenly is empty.

I have tried another approach where I set the session manually, to
simulate a logged in user:


describe "GET /admin/account" do

  it "should have a 200 status code when logged in" do
    session[:user_id] ||= @user.id
    get "/admin/account"
    response.code.should eq("200")
  end

end


But again the session arrives empty in my authorisation method when
trying 'get "/admin/account"'.

My guess is that it fails because the session relies on cookies and in
test mode there obviously is no browser and no cookie.
Are there ways to simulate a logged in user in an app that creates
sessions with cookies?

Thanks for any suggestions
1df9fc8ddf084661265bbae74a8d0b43?d=identicon&s=25 Justin Ko (Guest)
on 2011-08-25 05:02
(Received via mailing list)
On Wed, Aug 24, 2011 at 6:40 PM, Matthias Siegel
<matthiassiegel@gmail.com>wrote:

>  it "should have a 200 status code when logged in" do
> The login post part works fine and the session gets created correctly in
>    session[:user_id] ||= @user.id
> My guess is that it fails because the session relies on cookies and in test
> mode there obviously is no browser and no cookie.
> Are there ways to simulate a logged in user in an app that creates sessions
> with cookies?
>
> Thanks for any suggestions
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
>


What you are doing *should* work. Are there any before_filters altering
the
session? Maybe a gem doing it? Maybe you have an admin namespace that
calls/uses a different session?
A881776ee6b783550a65c74fa5c1a286?d=identicon&s=25 Matthias Siegel (Guest)
on 2011-08-25 16:12
(Received via mailing list)
On 25/08/2011, at 11:10 AM, Justin Ko wrote:

> describe "GET /admin/account" do
>
>    get "/admin/account"
>
> Thanks for any suggestions
>
> What you are doing *should* work. Are there any before_filters altering the
session? Maybe a gem doing it? Maybe you have an admin namespace that calls/uses 
a
different session?


I have an admin namespace, but does that effect the normal 'session'
object in any way?

I've done some more tests and setting the session in the RSpec code via
session[:user_id] =|| @user.id definitely works, however when the GET
request starts, the session is empty in the application_controller
before anything else is executed. I still can't figure out where the
session gets lost between RSpec and the app. I reduced the gems to a
minimum set of Rails, Mongoid, BCrypt, Mail, RSpec, Cucumber and
Factory_Girl, but didn't make a difference.

Forgery protection is disabled for test environment.
1df9fc8ddf084661265bbae74a8d0b43?d=identicon&s=25 Justin Ko (Guest)
on 2011-08-25 17:33
(Received via mailing list)
On Thu, Aug 25, 2011 at 7:38 AM, Matthias Siegel
<matthiassiegel@gmail.com>wrote:

>> I'm fairly new to RSpec with Rails and I'm trying to work out how I can
>>    response.code.should eq("302")
>>
>>  end
>> sessions with cookies?
> I have an admin namespace, but does that effect the normal 'session' object
> Forgery protection is disabled for test environment.
>
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users


I assume you're on the latest version of Rails and RSpec?

Also, I'm going to need to see some code. The spec and the controller
action
(and before_filter).
85d99e7678d8720f6e00ab0f60fe6ea9?d=identicon&s=25 Andrew Premdas (Guest)
on 2011-08-25 19:06
(Received via mailing list)
On 25 August 2011 14:38, Matthias Siegel <matthiassiegel@gmail.com>
wrote:

>> I'm fairly new to RSpec with Rails and I'm trying to work out how I can
>>    response.code.should eq("302")
>>
>>  end
>> sessions with cookies?
> I have an admin namespace, but does that effect the normal 'session' object
> Forgery protection is disabled for test environment.
>
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
>

If you are using Cucumber (which is in your minimal set of Gems), you
don't
need to write this sort of test. A Cucumber feature will already cover
this.
RSpec has a wealth of testing tools to cover all sorts of different
environments/conditions/styles. This makes it very easy for you to waste
time writing tests you don't need. For Rails applications with cucumber
and
rspec, you only really need to write model specs and features (if you
keep
your controllers, skinny) *. If a test is difficult to do its always
worth
thinking, Why am I doing this test? Could I do another test thats
easier?

HTH

Andrew

* I don't expect everyone to agree with this
A881776ee6b783550a65c74fa5c1a286?d=identicon&s=25 Matthias Siegel (Guest)
on 2011-08-26 09:11
(Received via mailing list)
On 25/08/2011, at 11:45 PM, Justin Ko wrote:

>>
>>    response.code.should eq("302")
>>
>>
>
> Also, I'm going to need to see some code. The spec and the controller action
(and before_filter).
Yes, I'm running the latest versions of all gems.

I just found this:
http://stackoverflow.com/questions/5235084/testing...

It looks a lot like the issue that I have.

The answer mentions that sessions aren't available in request specs
because of capybara. To be honest I'm not much familiar with what
capybara actually does but I have reproduced this by basically moving
the test into a controller spec, and suddenly the session goes through
and doesn't show up empty in the authorize method of my app.
E3ba60e3dcb813f8abcd7732350e74cf?d=identicon&s=25 Phillip Koebbe (pkoebbe)
on 2011-08-26 16:58
(Received via mailing list)
On 2011-08-25 11:42 AM, Andrew Premdas wrote:
>>
>>
>>
>>
>>         method when trying 'get "/admin/account"'.
>>     What you are doing *should* work. Are there any before_filters
>     is empty in the application_controller before anything else is
>     http://rubyforge.org/mailman/listinfo/rspec-users
> Could I do another test thats easier?
>
> HTH
>
> Andrew
>
> * I don't expect everyone to agree with this

I'm of the same opinion on this issue as you, Andrew. I've been trying
for a long time to keep my controllers skinny, and I've recently been
thinking that the Cucumber suite should be sufficient for covering them.
Like you, though, I expect there are quite a few who disagree. But, hey,
so goes life...

Peace.
1df9fc8ddf084661265bbae74a8d0b43?d=identicon&s=25 Justin Ko (Guest)
on 2011-08-26 17:16
(Received via mailing list)
On Fri, Aug 26, 2011 at 12:12 AM, Matthias Siegel
<matthiassiegel@gmail.com>wrote:

>>
>>> I can't get this one to pass:
>>>  end
>>>
>>>
>>>
>> I've done some more tests and setting the session in the RSpec code via
>>
>
> _______________________________________________
> rspec-users mailing list
> rspec-users@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
>

Oh jeez, I thought you were using a controller spec the entire time
because
of the methods being used. Yes, capybara restricts you from accessing
the
session, which is a *good thing* for request specs.
This topic is locked and can not be replied to.