[rspec-users] step definitons to check login
pergesu at gmail.com
Wed Dec 17 10:07:28 EST 2008
James Byrne <lists at ruby-forum.com> writes:
> Zach Dennis wrote:
>> On Tue, Dec 16, 2008 at 8:30 PM, Zach Dennis <zach.dennis at gmail.com>
>>> I know why you're doing it, but I just want to know *why* you're doing
>>> it? Can you not tell through the application itself that someone is
>>> logged in, logged out, and verify their identity without having to
>>> expose the internals?
> In my case I am exploring the whole nature of BDD. Since experience,
> much of it bad, is the best teacher I am trying to cram as much of it as
> possible into the front end; before it gets expensive.
> Testing whether or not the application can detect and distinguish
> between authenticated and non-authenticate requests where it matters is
> important in my opinion. The situation being that some parts are
> accessible anonymously and some are not. It might be considered
> desirable to limit access to things like the log in form only to
> non-authenticated requests. It such a feature is required then the
> means to test for it must be provided as well.
I think Zach's point was that you can tell that someone is logged in if
you see a "edit your profile" link somewhere, and they're not logged in
if you see a "log in" link on the page. Yes, of course it's useful to
know whether someone is authenticated or not...but you can test that
through properties of your own app, rather than digging under the hood
and calling the auth system directly.
More information about the rspec-users