[rspec-users] Tests that require a logged in user / session cookie

Matthias Siegel matthiassiegel at gmail.com
Fri Aug 26 02:12:33 EDT 2011


On 25/08/2011, at 11:45 PM, Justin Ko wrote:

> 
> 
> On Thu, Aug 25, 2011 at 7:38 AM, Matthias Siegel <matthiassiegel at gmail.com> wrote:
> 
> On 25/08/2011, at 11:10 AM, Justin Ko wrote:
> 
>> 
>> 
>> On Wed, Aug 24, 2011 at 6:40 PM, Matthias Siegel <matthiassiegel at gmail.com> wrote:
>> Hi,
>> 
>> I'm fairly new to RSpec with Rails and I'm trying to work out how I can write request specs for resources that require a logged in user.
>> 
>> I can't get this one to pass:
>> 
>> 
>> describe "GET /admin/account" do
>> 
>>  it "should have a 200 status code when logged in" do
>>    post "/login", { :email => @user.email, :password => @user.password }
>>    response.should redirect_to("/admin")
>>    response.code.should eq("302")
>>    get "/admin/account"
>>    response.code.should eq("200")
>>  end
>> 
>> end
>> 
>> 
>> The login post part works fine and the session gets created correctly in the login method, but then the test fails at 'get "/admin/account"' because the session suddenly is empty.
>> 
>> I have tried another approach where I set the session manually, to simulate a logged in user:
>> 
>> 
>> describe "GET /admin/account" do
>> 
>>  it "should have a 200 status code when logged in" do
>>    session[:user_id] ||= @user.id
>>    get "/admin/account"
>>    response.code.should eq("200")
>>  end
>> 
>> end
>> 
>> 
>> But again the session arrives empty in my authorisation method when trying 'get "/admin/account"'.
>> 
>> My guess is that it fails because the session relies on cookies and in test mode there obviously is no browser and no cookie.
>> Are there ways to simulate a logged in user in an app that creates sessions with cookies?
>> 
>> Thanks for any suggestions
>> 
>> What you are doing *should* work. Are there any before_filters altering the session? Maybe a gem doing it? Maybe you have an admin namespace that calls/uses a different session?
> 
> 
> I have an admin namespace, but does that effect the normal 'session' object in any way?
> 
> I've done some more tests and setting the session in the RSpec code via session[:user_id] =|| @user.id definitely works, however when the GET request starts, the session is empty in the application_controller before anything else is executed. I still can't figure out where the session gets lost between RSpec and the app. I reduced the gems to a minimum set of Rails, Mongoid, BCrypt, Mail, RSpec, Cucumber and Factory_Girl, but didn't make a difference.
> 
> Forgery protection is disabled for test environment.
> 
> 
> 
> I assume you're on the latest version of Rails and RSpec?
> 
> Also, I'm going to need to see some code. The spec and the controller action (and before_filter). 


Yes, I'm running the latest versions of all gems.

I just found this:
http://stackoverflow.com/questions/5235084/testing-sessions-in-rails-3-with-rspec-capybara

It looks a lot like the issue that I have.

The answer mentions that sessions aren't available in request specs because of capybara. To be honest I'm not much familiar with what capybara actually does but I have reproduced this by basically moving the test into a controller spec, and suddenly the session goes through and doesn't show up empty in the authorize method of my app.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/rspec-users/attachments/20110826/8c7b4666/attachment.html>


More information about the rspec-users mailing list