[rspec-users] Testing arbitrary post action parameters
lists at ruby-forum.com
Fri Jan 16 13:00:36 EST 2009
I am working on our (newly renamed) authentication feature. The current

  Scenario: Non-administrators should not set administrator ability
    Given I have no users
    And I add a user named "admin" as an administrator
    And I add a user named "myuser" as not an administrator
    When the user named "myuser" authenticates
    And the user enables the administrator role
    Then the user named "myuser" should not be an administrator

Now, what I am looking for is an example of how an authenticated user
would craft a POST request in their browser to set the
user.administrator flag to true.

Crafting these sorts of HTTP requests may be obvious and simple to some
of you, but I have no clue how this is done.

On some lists, asking questions on how to breach security is itself
a breach of list etiquette. If this is the case here then I ask your
indulgence and the favour of a private reply if that is deemed more
suitable. I do require the information though, since I have to defend
Posted via http://www.ruby-forum.com/.
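
The server-side check that the scenario above exercises, as an added example that is not part of the original post: submitted attributes are filtered against an allow-list chosen by the caller's role, so an extra administrator field in the form parameters is dropped. The names User, PERMITTED, update_user and the sample parameter hash are hypothetical, and plain Ruby stands in for the application's own model and controller.

```ruby
# Added example: every name here is hypothetical, not the poster's code.
User = Struct.new(:name, :administrator)

# Attributes each kind of caller may change through the form.
PERMITTED = {
  admin:   %w[name administrator],
  regular: %w[name]
}.freeze

# Apply submitted form parameters to +target+ on behalf of +actor+.
# Keys outside the actor's allow-list are dropped, never assigned.
# Returns the rejected keys so the caller can log or alert on them.
def update_user(actor, target, params)
  allowed   = PERMITTED[actor.administrator ? :admin : :regular]
  submitted = params.fetch("user", {})
  rejected  = submitted.keys - allowed
  submitted.each do |key, value|
    next unless allowed.include?(key)
    # Form values arrive as strings; coerce the flag to a boolean.
    value = %w[1 true].include?(value.to_s) if key == "administrator"
    target[key] = value
  end
  rejected
end

# Constructed sample: the parameter hash a framework would hand the
# controller when the form body carries a field the page never rendered.
CRAFTED_PARAMS = {
  "user" => { "name" => "myuser2", "administrator" => "1" }
}.freeze

# "myuser" edits their own record with the extra field present.
def scenario_non_admin
  myuser   = User.new("myuser", false)
  rejected = update_user(myuser, myuser, CRAFTED_PARAMS)
  [myuser, rejected]
end

# "admin" submits the same parameters for "myuser".
def scenario_admin
  admin  = User.new("admin", true)
  myuser = User.new("myuser", false)
  update_user(admin, myuser, CRAFTED_PARAMS)
  myuser
end
```

The returned list of rejected keys is what a test or an audit log would assert on: a non-empty list from a regular user means the request carried fields the form does not offer.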