[rspec-users] Testing arbitrary post action parameters

James Byrne lists at ruby-forum.com
Fri Jan 16 15:25:50 EST 2009

Pat Maddox wrote:

> I assume you don't though, cause that'd be kinda weird.  How about
> passing it in the POST params:
> put users_url(user), :user => {:administrator => true}
> Something along those lines...

That is the problem, I am not sure what syntax to use in the step 
definition. I tried this:

  visits "#{edit_user_path}?user[administrator]=1"

Which produces the same type of url that the RoR security guide uses in 
its examples:


Whereas I generate

 HTTP headers 

But this URL attack does not seem to work as advertised.  The key 
"administrator" does not make it into the params hash:

200 OK [http://www.example.com/account/edit?user[administrator]=1]
REQUESTING PAGE: POST /account with {
 "email"=>"myuser at example.com",

I realize this is a silly thing to ask, but how do you do this for 

Posted via http://www.ruby-forum.com/.
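
Added example, not part of the original message: a plain-Ruby sketch (no Rails or Webrat) of why a key placed in the edit page's query string is absent from the later form POST, and of a mass-assignment check that puts the extra key in the POST body itself, as suggested in the quoted reply. `parse_nested`, the `User` class, its whitelist and the sample requests are hypothetical stand-ins constructed for illustration.

```ruby
require "uri"

# Hypothetical stand-in for Rails-style nested parameter parsing (user[email]=x).
def parse_nested(body)
  URI.decode_www_form(body).each_with_object({}) do |(key, value), params|
    if (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
end

# Hypothetical model; ACCESSIBLE plays the role of an attribute whitelist.
class User
  ATTRIBUTES = %w[email administrator].freeze
  ACCESSIBLE = %w[email].freeze

  def initialize
    @attrs = { "administrator" => "0" }
  end

  # guard: true copies only whitelisted keys; guard: false copies every known key.
  def update_attributes(incoming, guard:)
    allowed = guard ? ACCESSIBLE : ATTRIBUTES
    incoming.each { |name, value| @attrs[name] = value if allowed.include?(name) }
    self
  end

  def administrator?
    @attrs["administrator"] == "1"
  end
end

# Constructed sample requests.
EDIT_PAGE_QUERY = "user[administrator]=1" # parsed for the GET of the edit page only
FORM_POST = URI.encode_www_form("user[email]" => "myuser@example.com")
CRAFTED_POST = URI.encode_www_form("user[email]" => "myuser@example.com",
                                   "user[administrator]" => "1")

# Apply a POST body to a fresh user and report whether it ended up an administrator.
def admin_after?(post_body, guard:)
  user_params = parse_nested(post_body).fetch("user", {})
  User.new.update_attributes(user_params, guard: guard).administrator?
end

puts "form POST params: #{parse_nested(FORM_POST).inspect}"
puts "crafted POST, no whitelist: admin=#{admin_after?(CRAFTED_POST, guard: false)}"
puts "crafted POST, whitelist:    admin=#{admin_after?(CRAFTED_POST, guard: true)}"
```

The form POST carries only the fields the form contains, so a test of the protection has to send the extra key in the request body and then assert that the stored record is unchanged.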
