[rspec-users] How should you make sure the user is not authenticated

Matt Wynne matt at mattwynne.net
Tue Jul 28 04:38:20 EDT 2009

On 27 Jul 2009, at 17:39, Marcelo de Moraes Serpa wrote:

> Hey list!
> Let's say I have a user story for authentication/login.
> I have seen many cucumber scenarios like this:
> Scenario: User logs in succesfully
> Given I am not authenticated
> When I go to the login page
> ...
>> From what I have seen, the Given steps that check that the user is  
>> not
> authenticated, simply post to a logout action. I have seen others,
> such as directly checking the session for the user id, even though I
> IMHO it is not best practice, since the Given steps are for setting
> state for the rest of the steps (right?), and this would simply check
> for something, and the test would brake if so.
> So, it is not a matter of "checking the user is not authenticated",
> but of "setting the ground and making sure the user is not
> authenticated", which of course, means loggin out the user on this
> given step to make sure it is really not-authenticated. The only thing
> I think could go wrong is that some log-out algorithms could fail if
> you try to logout when already logged-out.
> Anyway, just sharing my thoughts, would love to know what others in
> the list think about that,

My equivalent step is implemented like this:

Given /I am not logged in/ do
   # of course you're not logged in!

Don't forget the session is thrown away for each scenario, so if  
you're starting a new scenario you wont' be logged in, by default.


+447974 430184
matt at mattwynne.net

More information about the rspec-users mailing list