Rails集成测试-如何模拟不良的CSRF令牌和过期的会话 [英] Rails Integration Testing - How to Simulate bad CSRF token and Expired Session

问题描述

我刚刚更改了application_controller.rb中的异常处理代码以正确捕获 ActionController :: InvalidAuthenticityToken .

I just changed exception handling code in my application_controller.rb to correctly capture ActionController::InvalidAuthenticityToken.

我以前正在执行 rescue_from Exception ，该代码是在ActionController :: InvalidAuthenticityToken的recuse_from之后定义的.这是优先事项，我打算执行的抢救代码未执行.

I was previously doing a rescue_from Exception that was defined after the recuse_from ActionController::InvalidAuthenticityToken. This was taking priority and my intended rescue_from code was not being executed.

我想编写一个集成测试来验证此行为.我如何创建一个对象，该对象将允许我将错误的CSRF令牌发送到发布请求以模拟此行为?

I'd like to write an integration test to verify this behavior. How can I create an object that will allow me to send a bad CSRF token to a post request to simulate this behavior?

我还希望有一个对象，该对象可以让我模拟过期的会话以发出get请求.我将如何实施这些集成测试?

I'd also like to have an object that will allow me to simulate an expired session to make a get request. How would I implement these integration tests?

推荐答案

可以使用以下方法模拟不良的CSRF令牌:

A bad CSRF token can be simulated with:

with_forgery_protection do
    post user_session_path, {:authenticity_token => 'foo'}
    assert redirected_to_new_user_session_path
end

可以使用TimeCop gem模拟过期的会话:

An expired session can be simulated using the TimeCop gem:

Timecop.travel 2.days.from.now do
    get some_authorized_path
    assert_redirect_to new_user_session_path
end

这篇关于Rails集成测试-如何模拟不良的CSRF令牌和过期的会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！