Rails - 失去与集成测试和 Capybara 的会话 - CSRF 相关? [英] Rails - Losing session with Integration Tests and Capybara - CSRF related?

问题描述

我正在使用 Rails 3.1.0.rc4，我正在使用 capybara 的新 Steak-like DSL 和 Rspec(使用 Devise 身份验证)进行集成测试

I'm using Rails 3.1.0.rc4 and I'm working on doing integration tests with capybara's new Steak-like DSL and Rspec (using Devise authentication)

我遇到的问题是，当我运行集成测试时，来自 capybara 的机架测试驱动程序似乎完全丢失了用户的登录会话，实际上，会话似乎完全清除了.

The issue I'm having is that when I run an integration test, the rack-test driver from capybara seems to just completely lose the user's logged in session, in fact, the session seems to just clear out altogether.

经过几天的调试，我完全不知道为什么.逐行浏览中间件堆栈，我相信我已经将问题归结为导致此问题的 ActiveRecord::SessionStore 中发生的某些事情.我已经阅读此处，Rails 会在可以的情况下清除会话't 验证 CSRF 令牌，这让我相信我配置错误，并且由于某种原因，这个测试没有正确验证 CSRF 令牌.

After days of debugging, I'm at a complete loss as to why. Going line by line through the middleware stack, I believe I've ruled the problem down to something going on in the ActiveRecord::SessionStore that is causing this. I've read here that Rails will clear out a session if it can't validate the CSRF token, which leaves me to believe that I've got something configured wrong, and for some reason this one test is not authenticating the CSRF token correctly.

这是我在/initializers 目录中的 session_store.rb 中的内容:

This is what is in my session_store.rb in the /initializers directory:

MyApp::Application.config.session_store :active_record_store

了解 Rails 中 CSRF 保护的任何人都知道为什么会发生这种情况吗?

Does anyone who knows about CSRF protection in rails have any leads on why this may be happening?

另外，这里有一些注意事项:

Also, here are some things to note:

• 我试图测试的东西实际上在浏览器本身内有效，只有这个测试是删除会话
• 在将操作 url 指向另一台服务器的表单提交后，会话似乎被删除.我正在使用 VCR gem 在测试中捕获对这个外部服务器的请求/响应，虽然我相信我已经将外部请求视为问题，但这可能与 CSRF 令牌没有进行身份验证有直接关系，从而清除会话.
• 其他涉及登录/使用会话的测试不会删除会话

谁能给我任何关于这里发生了什么的线索，为什么一个测试似乎随意放弃了它的会话并在我身上失败了?我已经进行了大量调试并尝试了所有我能想到的方法.

Can anyone give me any leads as to what is going on here exactly, and why the one test just seems to arbitrarily drop its session and fail on me? I've done lots of debugging and have tried everything I can possible think of.

推荐答案

我也是水豚的新手，遇到了类似的问题.

I'm new to capybara too and I was having a similar problem.

我试图登录一个用户做这样的事情:

I was trying to login a user doing something like this:

post user_session_path, :user => {:email => user.email, :password => 'superpassword'}

在我尝试对水豚做一些事情之前，这一切正常，例如访问页面并测试用户是否已登录.这个简单的测试没有通过:

And that was working ok until I tried to do something with capybara, such as visiting a page and just testing if the user was logged in. This simple test was not passing:

visit root_path
page.should have_content("logout") #if the user is logged in then the logout link should be present

起初我以为水豚正在清理会话，但我错了.我花了一些时间才意识到驱动程序 capybara 正在使用处理自己的会话，因此，从水豚的角度来看，我的用户从未登录过.要这样做，您必须这样做

At first I thought capybara was clearing the sessions but I was wrong. The thing that took me some time to realize is that the driver capybara is using handles its own sessions, so, from the point of view of capybara my user was never logged in. To do so you have to do it like this

page.driver.post user_session_path, :user => {:email => user.email, :password => 'superpassword'}

不确定这是否是您的情况，但希望有所帮助.

Not sure if this is your case, but hope that helps.

这篇关于Rails - 失去与集成测试和 Capybara 的会话 - CSRF 相关?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！