[rspec-users] Getting past my login system

Ryan Tucker rctucker at u.washington.edu
Mon Jul 16 22:44:08 EDT 2007


Daniel N wrote:
>
>
> On 7/17/07, *Ryan Tucker* <rctucker at u.washington.edu 
> <mailto:rctucker at u.washington.edu>> wrote:
>
>     Ryan Tucker wrote:
>     > Thank you in advance for your help.  I am relatively new to both
>     Rails
>     > and Rspec and I am hoping for some insight from some experienced
>     veterans.
>     >
>     > Right now I am using Rspec for code that has already been
>     written so
>     > that additional functionality can be developed using the BDD
>     method. My
>     > problem shows up when I try to spec controllers that are behind the
>     > login system.  Each page checks for the session[:user], and if
>     they do
>     > not exists, requires them to login.  Logging in is handled by one
>     > controller (the Admin controller) and I want to access a page under
>     > another controller (say a Students controller).
>     >
>     > In my students_controller_spec.rb, I want want to make sure
>     > http://test.host/students is successfully displayed, so I wrote
>     > something like:
>     >
>     >   it "should be successful" do
>     >     get :index
>     >     response.should be_success
>     >   end
>     >
>     > The problem is that is keeps redirecting to my login page at
>     > http://test.host/login.  I tried then setting session[:user] and
>     doing a
>     > post to my login page to simulate a login so that I could access the
>     > correct page, but that does not seem to work.  I tried a number of
>     > things, including the following:
>     >
>     > def do_login
>     >   @user = User.find(:first, :conditions => ['username = ?' ,
>     'ryan'] )
>     >   session[:user] = @user.id <http://user.id>
>     >   post :login, :path => []
>     > end
>     >
>     > describe StudentsController do
>     >   it "should be successful" do
>     >     do_login
>     >     get :index
>     >     response.should be_success
>     >   end
>     > end
>     >
>     > This still results in being redirected to the login page at
>     > http://test.host/login when I want to go to
>     http://test.host/students.
>     > Also, I realize I am actually doing a call on my test database for
>     > this.  Part of the reason is that code that called during login
>     checks
>     > fields of a user.  The other reason is I could not get it to
>     work using
>     > stubs, but that might just have been because I was not using
>     them properly.
>     >
>     > Any insight will be helpful, thanks!
>     >
>     > -Ryan
>     > _______________________________________________
>     > rspec-users mailing list
>     > rspec-users at rubyforge.org <mailto:rspec-users at rubyforge.org>
>     > http://rubyforge.org/mailman/listinfo/rspec-users
>     >
>     Forgot one thing.
>
>     In trying to do the post, I get the error that "No action
>     responded to
>     login" suggesting that I am not properly accessing the login
>     function in
>     my Admin controller.
>
>     Thanks again,
>     Ryan
>
>
>
> Ryan, the login action is being called on your  StudentsController and 
> so it's not found.
>
> If it's the presence of the session[:user] that tells the 
> before_filter that your logged in, the you don't need to do the post.  
> In fact you shouldn't post, since as you found out if you post to 
> login, your posting to the login action of the controller your 
> currently in.  Bad.  Your setting the session and you shouldn't need 
> to do any more. 
>
> HTH
> Daniel
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> rspec-users mailing list
> rspec-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users
Thanks, Daniel.

That was my understanding as well, but, for some reason, that has not 
been enough.  The post was an attempt to simulate an actual login by 
posting to another controller (I know it was bad...) since just setting 
the session[:user] was not a success.  Thank you for your help though.

Take care,
Ryan


More information about the rspec-users mailing list