[rspec-users] Getting past my login system

Daniel N has.sox at gmail.com
Mon Jul 16 23:38:47 EDT 2007 

On 7/17/07, Ryan Tucker <rctucker at u.washington.edu> wrote:
>
> Daniel N wrote:
> >
> >
> > On 7/17/07, *Ryan Tucker* <rctucker at u.washington.edu
> > <mailto:rctucker at u.washington.edu>> wrote:
> >
> >     Ryan Tucker wrote:
> >     > Thank you in advance for your help.  I am relatively new to both
> >     Rails
> >     > and Rspec and I am hoping for some insight from some experienced
> >     veterans.
> >     >
> >     > Right now I am using Rspec for code that has already been
> >     written so
> >     > that additional functionality can be developed using the BDD
> >     method. My
> >     > problem shows up when I try to spec controllers that are behind
> the
> >     > login system.  Each page checks for the session[:user], and if
> >     they do
> >     > not exists, requires them to login.  Logging in is handled by one
> >     > controller (the Admin controller) and I want to access a page
> under
> >     > another controller (say a Students controller).
> >     >
> >     > In my students_controller_spec.rb, I want want to make sure
> >     > http://test.host/students is successfully displayed, so I wrote
> >     > something like:
> >     >
> >     >   it "should be successful" do
> >     >     get :index
> >     >     response.should be_success
> >     >   end
> >     >
> >     > The problem is that is keeps redirecting to my login page at
> >     > http://test.host/login.  I tried then setting session[:user] and
> >     doing a
> >     > post to my login page to simulate a login so that I could access
> the
> >     > correct page, but that does not seem to work.  I tried a number of
> >     > things, including the following:
> >     >
> >     > def do_login
> >     >   @user = User.find(:first, :conditions => ['username = ?' ,
> >     'ryan'] )
> >     >   session[:user] = @user.id <http://user.id>
> >     >   post :login, :path => []
> >     > end
> >     >
> >     > describe StudentsController do
> >     >   it "should be successful" do
> >     >     do_login
> >     >     get :index
> >     >     response.should be_success
> >     >   end
> >     > end
> >     >
> >     > This still results in being redirected to the login page at
> >     > http://test.host/login when I want to go to
> >     http://test.host/students.
> >     > Also, I realize I am actually doing a call on my test database for
> >     > this.  Part of the reason is that code that called during login
> >     checks
> >     > fields of a user.  The other reason is I could not get it to
> >     work using
> >     > stubs, but that might just have been because I was not using
> >     them properly.
> >     >
> >     > Any insight will be helpful, thanks!
> >     >
> >     > -Ryan
> >     > _______________________________________________
> >     > rspec-users mailing list
> >     > rspec-users at rubyforge.org <mailto:rspec-users at rubyforge.org>
> >     > http://rubyforge.org/mailman/listinfo/rspec-users
> >     >
> >     Forgot one thing.
> >
> >     In trying to do the post, I get the error that "No action
> >     responded to
> >     login" suggesting that I am not properly accessing the login
> >     function in
> >     my Admin controller.
> >
> >     Thanks again,
> >     Ryan
> >
> >
> >
> > Ryan, the login action is being called on your  StudentsController and
> > so it's not found.
> >
> > If it's the presence of the session[:user] that tells the
> > before_filter that your logged in, the you don't need to do the post.
> > In fact you shouldn't post, since as you found out if you post to
> > login, your posting to the login action of the controller your
> > currently in.  Bad.  Your setting the session and you shouldn't need
> > to do any more.
> >
> > HTH
> > Daniel
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > rspec-users mailing list
> > rspec-users at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/rspec-users
> Thanks, Daniel.
>
> That was my understanding as well, but, for some reason, that has not
> been enough.  The post was an attempt to simulate an actual login by
> posting to another controller (I know it was bad...) since just setting
> the session[:user] was not a success.  Thank you for your help though.
>
> Take care,
> Ryan


Can you post your before_filter method that checks if your logged in?

Also your login method in your Admin controller.

Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/rspec-users/attachments/20070717/f06acd2a/attachment.html

More information about the rspec-users mailing list