在 Rails 2.2 中测试 HTTP 基本身份验证

发布于 2024-07-27 12:02:47 字数 445 浏览 7 评论 0原文

作为我正在构建的 API 的一部分，有一个用户身份验证方法，成功后会返回有用的用户信息、API 令牌等有效负载。

在为处理此问题的控制器编写功能测试时，我遇到了一个问题测试 HTTP 基本身份验证；我发现许多博客提到应使用以下代码来欺骗标头以进行身份验证尝试：

@request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(email, pass)

问题是这没有效果； authenticate_with_http_basic 看不到标头，因此即使存在有效凭据也会返回 false。

我错过了什么吗？

请注意，如果这对回答有用，则该应用程序将冻结到 Rails 2.2.2。

原文

As part of an API I am building, there is a user authentication method which upon success, returns a payload of useful user information, API token, etc.

In writing functional tests for the controller that handles this, I am running in to an issue testing HTTP Basic auth; I have found numerous blogs that mention the following code should be used to spoof headers for an authentication attempt:

@request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(email, pass)

The issue is that this has no effect; authenticate_with_http_basic does not see the headers and therefore is returning false even in the presence of valid credentials.

Am I missing something?

Note that the app is frozen to Rails 2.2.2 if that is useful in answering.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

jJeQQOZ5 2024-08-03 12:02:47

我不确定这是否有帮助，但我只是在自己的应用程序中进行了其中一项测试，除了我使用的是 Rails 2.3.2。

就我而言，陷阱是我忘记为用户放入固定装置，因此 crypted_password 不匹配（为什么它有任何价值对我来说仍然是个谜......我猜 Rails 没有清理）运行测试之前测试数据库？）

class DonglesControllerTest < ActionController::TestCase
  fixtures :users

  test "index api" do
    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('one', 'one')

    get(:index, { :name_contains => 'XXXX0001', :format => 'json' })

    assert_equal 'application/json', @response.content_type
    dongles = ActiveResource::Formats::JsonFormat.decode(@response.body)

    expected_dongles = [
      { 'id' => 1,
        'name' => 'XXXX0001',
        'key_id' => 'usbstor\disk&ven_flash&prod_drive_sm_usb20&rev_1100\0000000000000000&0' }
    ]

    assert_equal expected_dongles, dongles
  end

  private

  # verbatim, from ActiveController's own unit tests
  def encode_credentials(username, password)
    "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
  end
end

I'm not sure if this helps, but I just made one of these tests in my own application, except I'm using Rails 2.3.2.

In my case, the pitfall was that I had forgotten to put in the fixtures for users, so the crypted_password didn't match (why it had any value at all is still a mystery to me... I guess Rails didn't clean the test database before running the test?)

class DonglesControllerTest < ActionController::TestCase
  fixtures :users

  test "index api" do
    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('one', 'one')

    get(:index, { :name_contains => 'XXXX0001', :format => 'json' })

    assert_equal 'application/json', @response.content_type
    dongles = ActiveResource::Formats::JsonFormat.decode(@response.body)

    expected_dongles = [
      { 'id' => 1,
        'name' => 'XXXX0001',
        'key_id' => 'usbstor\disk&ven_flash&prod_drive_sm_usb20&rev_1100\0000000000000000&0' }
    ]

    assert_equal expected_dongles, dongles
  end

  private

  # verbatim, from ActiveController's own unit tests
  def encode_credentials(username, password)
    "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
  end
end

回复收藏 0 原文

~没有更多了~