在RSpec测试中跳过Rails http_basic_authenticate_with
[英]Skip Rails http_basic_authenticate_with in RSpec test
问题描述
I'm working on a MVP (minimum viable product). 
我正在研究MVP(最低可行产品)。 In order to offer a simpler way to secure the admin pages, I just did add http_basic_authenticate_with to my AdminController. 为了提供一种更简单的方法来保护管理页面,我只是将http_basic_authenticate_with添加到我的AdminController中。
Problem is that when I want to test my AdminController, I get "unauthorized" (401) for not being logged in. 问题是当我想测试我的AdminController时,我得到“未授权”(401)因为没有登录。
In this scenario, it's irrelevant to test the authentication - it's just temporary, and as soon I go to the next sprint, it's going to removed -, so I'm trying to skip it within RSpec. 在这种情况下,测试身份验证无关紧要 - 它只是暂时的,一旦我进入下一个sprint,它就会被删除 - 所以我试图在RSpec中跳过它。
Problem is I tried many ways, and none seems to be working. 问题是我尝试了很多方法,但似乎都没有。
For example, I tried to modify the http_basic_authenticate_with in order to avoid the authentication. 例如,我尝试修改http_basic_authenticate_with以避免身份验证。 Like this: 像这样:
require 'spec_helper'
module ActionController
module HttpAuthentication
module Basic
def http_basic_authenticate_with(*args)
end
end
end
end
describe Admin::SubscribersController do
describe "GET 'index'" do
it "should be OK" do
get 'index'
response.should be_successful
end
end
end
But when I run it, it still returns "false" for that simple test. 但是当我运行它时,对于那个简单的测试,它仍然会返回“false”。
Btw, in order to simplify this test, I just have an empty index action on my AdminController and an empty view (index.html.erb). 顺便说一句,为了简化这个测试,我只在我的AdminController上有一个空的索引操作和一个空视图(index.html.erb)。
4 个解决方案
解决方案1
4 已采纳 2011-10-18 16:20:42
Finally I got it working. 最后,我得到了它的工作。
Something as stated in the docs didn't work for me: 文档中陈述的内容对我不起作用:
get 'index', nil, 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials("admin", "password")
So I tried an "old" approach to do it, which is to set request.env['HTTP_AUTHORIZATION'] : 所以我尝试了一种“旧的”方法,即设置request.env ['HTTP_AUTHORIZATION'] :
request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials("admin","password")
None of the other solutions worked, so I will just keep in the meanwhile with this one. 没有其他解决方案有效,所以我将与此保持同步。
Thanks. 谢谢。
解决方案2
3 2014-11-12 21:05:44
If it is ok to skip authentication for all tests for a controller, here's the technique I'm using on a current project. 如果可以跳过对控制器的所有测试的身份验证,这是我在当前项目中使用的技术。
unless Rails.env.test?
http_basic_authenticate_with name: "slothbear", password: "kuniklo"
end
解决方案3
1 2019-05-25 19:47:34
In Rails 5.x, this works: 在Rails 5.x中,这有效:
allow(subject).to receive(:authenticate_or_request_with_http_basic)
.with(anything).and_return true
In Rails 6.x, this works: 在Rails 6.x中,这有效:
allow(subject).to receive(:http_basic_authenticate_or_request_with)
.with(anything).and_return true
This is because http_basic_authenticate_with is a class-level method that adds a before_action that actually calls one of these two methods under the hood. 这是因为http_basic_authenticate_with是一个类级方法,它添加了一个实际调用这两种方法之一的before_action 。
You can see which one to use by checking out http_authentication.rb here for Rails 6 or here for Rails 5 您可以通过在这里查看Rails 6的 http_authentication.rb或Rails 5来查看使用哪一个
解决方案4
0 2011-10-13 19:31:12
You can or even should test authentication. 您甚至可以测试身份验证。 Write test for unauthenticated (it is now) and authenticated. 编写未经身份验证(现在是)并经过身份验证的测试。 See Testing HTTP Basic Auth in Rails 2.2+ it should help. 请参阅在Rails 2.2+中测试HTTP Basic Auth,它应该有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.