设置cookie。在Rails 5控制器集成测试中签名 [英] Setup cookie.signed in Rails 5 controller integration tests
问题描述
想象一下,有一个控制器集成测试调用一个控制器方法的场景,其中 cookie.signed 用于某些完整性检查。
Imagine the scenario that there is a controller integration test calls a controller method, in which cookie.signed is used for some integrity checking.
# app/controllers/foo_controller.rb
def index
entity = FooEntity.find_by_id(params[:id])
if entity.nil?
raise ActionController::BadRequest, 'Could not find requested entity.'
else
@is_authorized = entity.token == cookies.signed[:token]
if @is_authorized
# Success! The path to be tested.
else
raise ActionController::BadRequest, 'Unauthorized cookie token.'
end
end
end
控制器测试
Controller Test
# app/test/controllers/foo_test.rb
require 'test_helper'
class FooControllerTest < ActionDispatch::IntegrationTest
test 'should be working' do
cookies.signed[:token] = '7e5201169ef160e31058d2a1976a5552'
get '/foobar/123'
end
end
但是,我不确定如何获取 cookie.signed 在测试中进行设置。上面的测试代码引发异常:
However, I'm not sure how to get cookie.signed setup in the test. The test code above throws an exception:
NoMethodError:Rack :: Test :: CookieJar:0x007fe90965ccd8的未定义方法'signed'
NoMethodError: undefined method `signed’ for Rack::Test::CookieJar:0x007fe90965ccd8
试图搜索解决方案,但我能找到的最接近的是这篇文章, https://sikac.hu/reconstruct-a-cookie-jar-and-read-signed-sign cookie-in-capybara-f71df387f9ff ,但无法弄清楚如何构造 ActionDispatch :: Request 对象。
Tried to search for a solution, but the closest I could find was this article, https://sikac.hu/reconstruct-a-cookie-jar-and-read-signed-cookie-in-capybara-f71df387f9ff, but couldn't figure out how to construct ActionDispatch::Request object.
推荐答案
这似乎是 Rails 5 及更高版本中的已知错误(链接的问题是关于 cookies.encrypted 的,但同样适用于 cookies。签名)。问题在于,在控制器测试中,cookie罐是一个 Rack :: Test :: CookieJar 类实例,它不支持签名/加密的Cookie 。另一方面,在应用程序本身中,cookie罐是 ActionDispatch :: Cookies :: CookieJar 类实例,它支持这两种特殊的cookie类型。
This seems to be a known bug in Rails 5 and above (the linked issue is about cookies.encrypted but the same applies to cookies.signed). The problem is that in controller tests, the cookie jar is a Rack::Test::CookieJar class instance which does not support signed / encrypted cookies. On the other hand, in the application itself, the cookie jar is a ActionDispatch::Cookies::CookieJar class instance which supports both these special cookie types.
不过,要在控制器测试中仅构造一个签名的cookie,您可以手动创建一个 ActionDispatch 请求cookie罐并使用:
Nevertheless, to just construct a signed cookie in your controller test, you can manually create an ActionDispatch request cookie jar and use that to retrieve the signed cookie value:
# app/test/controllers/foo_test.rb
require 'test_helper'
class FooControllerTest < ActionDispatch::IntegrationTest
test 'should be working' do
my_cookies = ActionDispatch::Request.new(Rails.application.env_config.deep_dup).cookie_jar
my_cookies.signed[:token] = '7e5201169ef160e31058d2a1976a5552'
cookies[:token] = my_cookies[:token]
get '/foobar/123'
end
end
第一行测试将创建一个新的 ActionDispatch 请求,其中应用程序请求默认环境设置(例如,定义用于签署Cookie的秘密)并返回它的Cookie罐。然后,您只需将:token 签名的cookie设置为所需的值(此cookie jar 确实具有签名方法定义为 ActionDispatch :: Cookies :: CookieJar ,而不是 Rack :: Test :: CookieJar )。最后,您通过访问而没有 访问它检索签名的cookie值,并设置相同名称的 test cookie 使用此值。
The first test line creates a new ActionDispatch request with the application requests default environment settings (they define e.g. the secret used for signing cookies) and returns it's cookie jar. Then you simply set the :token signed cookie for the desired value (this cookie jar does have the signed method defined as this is the ActionDispatch::Cookies::CookieJar, not Rack::Test::CookieJar). Finally, you retrieve the signed cookie value by accessing it without the signed accessor and set the same-named test cookie using this value.
现在,当测试到达控制器代码时,控制器应在
Now, when the test reaches the controller code, the controller should see the proper value in the cookies.signed[:token] cookie.
这篇关于设置cookie。在Rails 5控制器集成测试中签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
