[rspec-users] How should you make sure the user is not authenticated

Marcelo de Moraes Serpa celoserpa at gmail.com
Mon Jul 27 12:39:58 EDT 2009

Hey list!

Let's say I have a user story for authentication/login.

I have seen many cucumber scenarios like this:

Scenario: User logs in succesfully

Given I am not authenticated
When I go to the login page

>From what I have seen, the Given steps that check that the user is not
authenticated, simply post to a logout action. I have seen others,
such as directly checking the session for the user id, even though I
IMHO it is not best practice, since the Given steps are for setting
state for the rest of the steps (right?), and this would simply check
for something, and the test would brake if so.

So, it is not a matter of "checking the user is not authenticated",
but of "setting the ground and making sure the user is not
authenticated", which of course, means loggin out the user on this
given step to make sure it is really not-authenticated. The only thing
I think could go wrong is that some log-out algorithms could fail if
you try to logout when already logged-out.

Anyway, just sharing my thoughts, would love to know what others in
the list think about that,


More information about the rspec-users mailing list