small medium large xlarge

03 Oct 2008, 11:22
Alan Wood (2 posts)

Once the login/security is added, existing functional controller tests are likely to break. I was wondering what the suggested procedure was to cope with such test issues. Obvious testing against the RAILS ENV for test status and bypassing authorization is the simplest way to overcome the problem, but it sets a dangerous precedent. Thus is there a ‘Rails way’ to deal with such functional testing issues where security controls are concerned?

regards Al

03 Oct 2008, 12:21
Sam Ruby (633 posts)

A quick answer for now, and I’ll take a look into adding a more full answer into the book proper:

@request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("username:password")

Do this in the test itself, before you call get, post, or whatever.

03 Oct 2008, 15:03
Alan Wood (2 posts)

HI Sam

I’m actually being an idiot, all the clues are in the functional controllers section (p.209)

Make sure one has a test user in the user fixtures (depot_r/test/fixtures/users.yml ) :

<% SALT = "NaCl" unless defined?(SALT) %> 
name: tester
salt: <%= SALT %> 
hashed_password: <%= User.encrypted_password('secret', SALT) %> 

then use

get :index, {}, { :user_id => users(:tester).id } 

in the test and similar for posts/puts

I couldn’t get the Base 64 stuff to function even with the added fixture however.

Regards Al

You must be logged in to comment