功能测试期间身份验证失败
我正在开发一个 Ruby on Rails 应用程序,但我的功能测试遇到了一些问题。特别是,在测试期间,我不断被拒绝访问当通过具有类似凭据(相同角色等)的用户登录时可以在浏览器中访问的页面。例如,以下是控制器测试的代码:(
include Devise::TestHelpers
include Authorization::TestHelper
...
setup do
@user = Factory(:user)
@user.roles << Factory(:refinery_role)
@user.roles << Factory(:agency_role)
@user.save
sign_in @user
@agency = AgencyOrganization.create :name => "Test Agency"
@adv1 = AdvertiserOrganization.create :name => "Test Advertiser", :parent => @agency
UserOrganization.create :user_id => @user.id, :organization_id => @agency.id
end
test "agency user can edit advertiser" do
assert @user.has_role? :agency #passes
should_be_allowed_to :update, :advertiser_organizations #passes
get :edit, {:id => @adv1.id}, {:agency_id => @agency.id}
assert_equal "/unauthorized", request.env['PATH_INFO'] #passes :'(
assert_template :edit #fails
# and more tests we never get to
end
显然,这些并不是我真正想检查的所有断言,但它们演示了正在发生的情况。)
对于它的价值,上述测试失败并出现以下异常提出:
4) Failure:
test_agency_user_can_edit_advertiser(AdvertiserOrganizationsControllerTest [/Users/gworley/.rvm/gems/ruby-1.9.2-p180@portal/gems/declarative_authorization-0.5.1/lib/declarative_authorization/maintenance.rb:170]:
Exception raised:
<#<Authorization::NotAuthorized: No matching rules found for update for #<Authorization::GuestUser:0x00000101cda2b0 @role_symbols=[:guest]> (roles [:guest], privileges [:update, :manage], context :advertiser_organizations).>>.
再次,正如我所说,当您实际运行应用程序时,一切都正常,只是让测试正常工作(尽管应用程序可能只是偶然工作,谁知道呢?)。
I have a Ruby on Rails app that I'm working on and I'm having some problems with my functional tests. In particular, I keep getting denied access during my tests to pages that are possible to access in the browser when logged in through a user with similar credentials (same roles, etc.). For example, here's code from a test for a controller:
include Devise::TestHelpers
include Authorization::TestHelper
...
setup do
@user = Factory(:user)
@user.roles << Factory(:refinery_role)
@user.roles << Factory(:agency_role)
@user.save
sign_in @user
@agency = AgencyOrganization.create :name => "Test Agency"
@adv1 = AdvertiserOrganization.create :name => "Test Advertiser", :parent => @agency
UserOrganization.create :user_id => @user.id, :organization_id => @agency.id
end
test "agency user can edit advertiser" do
assert @user.has_role? :agency #passes
should_be_allowed_to :update, :advertiser_organizations #passes
get :edit, {:id => @adv1.id}, {:agency_id => @agency.id}
assert_equal "/unauthorized", request.env['PATH_INFO'] #passes :'(
assert_template :edit #fails
# and more tests we never get to
end
(Obviously those aren't all assertions I really want to check, but they demonstrate what's going on.)
For what it's worth, the above test fails with the follow exception raised:
4) Failure:
test_agency_user_can_edit_advertiser(AdvertiserOrganizationsControllerTest [/Users/gworley/.rvm/gems/ruby-1.9.2-p180@portal/gems/declarative_authorization-0.5.1/lib/declarative_authorization/maintenance.rb:170]:
Exception raised:
<#<Authorization::NotAuthorized: No matching rules found for update for #<Authorization::GuestUser:0x00000101cda2b0 @role_symbols=[:guest]> (roles [:guest], privileges [:update, :manage], context :advertiser_organizations).>>.
Again, as I said, everything works when you're actually running the app, it's just getting tests to work (although maybe the app is only working by accident, who knows?).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
这是一个盲目的尝试,因为我没有在我的应用程序中使用 Devise,但是我们使用的身份验证系统有一个特性,它只是在会话中设置
:user_id,而该系统会被测试中的会话哈希。我注意到您的测试方法是在会话中设置
:agency_id。尝试完全删除会话哈希,看看您收到的错误是否被替换为缺少
:agency_id而不是身份验证错误,或者将 Devise 用于身份验证的任何会话变量添加到哈希中。This is a shot in the dark because I'm not using Devise in my app, but the authentication system we use has this idiosyncrasy that it's just setting up the
:user_idin the session, which gets clobbered by the session hash in the test.I noticed your test method is setting
:agency_idin the session.Try removing the session hash entirely and seeing if the error you get is replaced by one about the absence of
:agency_idrather than an authentication error, or else add whatever session variable that Devise uses for authentication to the hash.您在设置中缺少
request.env["devise.mapping"] = Devise.mappings[:user]看一下 Devise wiki 了解更多信息。就我个人而言,我会将此登录功能提取到一个单独的模块中,并根据请求包含它。即,
login_user/login_agency_userYou are missing in the setup
request.env["devise.mapping"] = Devise.mappings[:user]Have a look at the Devise wiki for more information. Personally I would extract this login functionality into a separate module and include it on request. i.e,
login_user/login_agency_user不要忘记设置 Authorization.current_user 否则 DA 将不知道谁登录了
Don't forget to set Authorization.current_user or DA won't know who's signed in
是身份验证(您是谁)还是授权(您可以做什么)失败了?如果授权失败,则可能是您使用的 declarative_authorization gem 有问题。如果是身份验证问题,则可能是 Devise gem 或 Devise TestHelpers 的问题。这个类似问题可能会有所帮助。如果没有任何效果,那么也应该可以像这样取消身份验证
Is it authentication (who are you) or authorization (what are you allowed to do) which fails? If authorization fails, then it is maybe a problem with the declarative_authorization gem you use. If it is an authentication problem, then it is probably a problem with the Devise gem or the Devise TestHelpers. This similar question may be helpful. If nothing works, then it should also be possible to stub out authentication like this