在 Rails 2.2+ 中测试 HTTP 基本身份验证 [英] Testing HTTP Basic Auth in Rails 2.2+
问题描述
作为我正在构建的 API 的一部分,有一种用户身份验证方法,成功后会返回有用的用户信息、API 令牌等的有效负载.
As part of an API I am building, there is a user authentication method which upon success, returns a payload of useful user information, API token, etc.
在为处理此问题的控制器编写功能测试时,我遇到了测试 HTTP Basic auth 的问题;我发现许多博客都提到以下代码应该用于欺骗标头以进行身份验证尝试:
In writing functional tests for the controller that handles this, I am running in to an issue testing HTTP Basic auth; I have found numerous blogs that mention the following code should be used to spoof headers for an authentication attempt:
@request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(email, pass)
问题是这没有效果;authenticate_with_http_basic 看不到标头,因此即使存在有效凭据也会返回 false.
The issue is that this has no effect; authenticate_with_http_basic does not see the headers and therefore is returning false even in the presence of valid credentials.
我错过了什么吗?
请注意,如果这对回答有用,应用程序将冻结到 Rails 2.2.2.
Note that the app is frozen to Rails 2.2.2 if that is useful in answering.
推荐答案
我不确定这是否有帮助,但我只是在自己的应用程序中进行了这些测试之一,除了我使用的是 Rails 2.3.2.
I'm not sure if this helps, but I just made one of these tests in my own application, except I'm using Rails 2.3.2.
在我的情况下,陷阱是我忘记为用户添加固定装置,所以 crypted_password 不匹配(为什么它有任何价值对我来说仍然是一个谜......我猜 Rails 没有'在运行测试之前不清理测试数据库?)
In my case, the pitfall was that I had forgotten to put in the fixtures for users, so the crypted_password didn't match (why it had any value at all is still a mystery to me... I guess Rails didn't clean the test database before running the test?)
class DonglesControllerTest < ActionController::TestCase
fixtures :users
test "index api" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials('one', 'one')
get(:index, { :name_contains => 'XXXX0001', :format => 'json' })
assert_equal 'application/json', @response.content_type
dongles = ActiveResource::Formats::JsonFormat.decode(@response.body)
expected_dongles = [
{ 'id' => 1,
'name' => 'XXXX0001',
'key_id' => 'usbstordisk&ven_flash&prod_drive_sm_usb20&rev_1100�000000000000000&0' }
]
assert_equal expected_dongles, dongles
end
private
# verbatim, from ActiveController's own unit tests
def encode_credentials(username, password)
"Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
end
end
这篇关于在 Rails 2.2+ 中测试 HTTP 基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
