[rspec-users] post authentication token

Mark Thomson mark.thomson at ieee.org
Tue Oct 7 08:36:14 EDT 2008

Hmm, thanks. Still not sure if I'm diagnosing my problem correctly. Just 
to be clear, I don't have any user authentication going on, just a 
regular Rails button_to call. I tried installing webrat and put "visits 
'/' " in my "given" step and "clicks_button" in my "when" step. However 
I get an error from my_story.rb - "No such file or directory - open 

Presumably my issue would also apply in posting a form in a regular 
Rails integration test. The example on pp207-208 of AWDR  doesn't 
suggest that anything needs to be done in a post call to achieve session 
authentication. And I see here - 
that forgery protection is actually turned off in testing - which I've 
confirmed in my config/environments/test.rb. So maybe I have some other 
problem causing my response test to fail. Any other suggestions would be 


Matt Wynne wrote:
> This is actually a pretty tough problem for a newbie, and sent me 
> reeling away from the story runner with my gumption in tatters the 
> first time I tried it.
> You could probably figure out how to post an authentication token in 
> the HTTP headers if you use the basic underlying rails integration 
> session method post(), but you may be better off just walking through 
> the steps a real user would carry out in order to log in:
> Given /logged in/ do
>     visits "/login"
>     fills_in :username, "Matt"
>     fills_in :password, "secret"
>     presses_button
> end
> This is what we do, and though instinctively it feels a little bit 
> slow and clunky to do this at the top of every scenario that requires 
> the user to be authenticated, in practice it's working fine for us, 
> and I actually find it rather nice to know you're only vaguely coupled 
> to the implementation.
> Note that these steps above use the 'webrat' library which is the 
> de-facto way to talk to your rails app from feature steps.
> On 7 Oct 2008, at 02:52, Mark Thomson wrote:
>> Hi, I have a simple story that involves the user clicking a button 
>> and a new page being rendered. Seems like a simple situation, but 
>> it's testing my limited knowledge. The problem I have is my response 
>> test is failing, and I'm guessing it's because the button click is 
>> meant to submit a post request with an authentication token, which 
>> would therefore have to be included in the post call in my scenario's 
>> "when" step. My question is how do I go about determining the 
>> required value of the authentication_token? Or am I just really 
>> confused?
>> Mark.
>> _______________________________________________
>> rspec-users mailing list
>> rspec-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/rspec-users
> _______________________________________________
> rspec-users mailing list
> rspec-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users

More information about the rspec-users mailing list