Rails - 失去与集成测试和Capybara - CSRF相关的会话? [英] Rails - Losing session with Integration Tests and Capybara - CSRF related?
问题描述
我遇到的问题是,当我进行集成测试时,来自capybara的机架测试驱动程序似乎完全失去了用户的登录会话,实际上,会话似乎完全清除了。
经过几天的调试,我完全失去了为什么。逐行走过中间件堆栈,我相信我已经将问题排除在导致此问题的 ActiveRecord :: SessionStore 中。我已经阅读了这里,Rails将会清除会话,如果它可以'验证CSRF令牌,这让我相信我有一些配置错误,由于某种原因,这个测试没有正确地验证CSRF令牌。
这是在/ initializers目录中的session_store.rb中的内容:
MyApp :: Application.config.session_store:active_record_store $有谁知道关于CSRF保护的任何人都有任何关于为什么会发生这样的事情的人?b $ b
<
此外,还有一些事情要注意:
- 尝试在浏览器本身测试实际工作,只有这一个测试正在删除会话
- 会话似乎在提交表单之后删除操作网址到另一个服务器。我在测试中使用VCR gem来捕获对这个外部服务器的请求/响应,而且我相信我已经将外部请求作为问题排除了,这可能与CSRF令牌无法验证有直接关系,因此清除会话。
- 涉及登录/使用会话的其他测试不会删除会话
<任何人都可以给我任何关于这里正在发生的事情,为什么一个测试似乎是任意地放弃会话并失败在我身上?我已经做了大量的调试,并尝试了我可以想到的一切。
我刚刚收到水瓶箱我有一个类似的问题。
我正在尝试登录一个这样的用户:
post user_session_path,:user => {:email => user.email,:password => 'superpassword'}
这是工作正常,直到我试图做一些与水豚的事情,如访问一个页面,只是测试用户是否登录。这个简单的测试没有通过:
访问root_path
页面.should has_content(logout)#if用户登录后,应该出现退出链接
起初我以为水豚正在清理会议,但我错了。花了我一段时间才意识到的是,司机capybara正在使用自己的会话,所以从capybara的角度来看,我的用户没有登录。为此,你必须这样做>
page.driver.post user_session_path,:user => {:email => user.email,:password => 'superpassword'}
不知道是否这样,但希望有帮助。
I'm using Rails 3.1.0.rc4 and I'm working on doing integration tests with capybara's new Steak-like DSL and Rspec (using Devise authentication)
The issue I'm having is that when I run an integration test, the rack-test driver from capybara seems to just completely lose the user's logged in session, in fact, the session seems to just clear out altogether.
After days of debugging, I'm at a complete loss as to why. Going line by line through the middleware stack, I believe I've ruled the problem down to something going on in the ActiveRecord::SessionStore that is causing this. I've read here that Rails will clear out a session if it can't validate the CSRF token, which leaves me to believe that I've got something configured wrong, and for some reason this one test is not authenticating the CSRF token correctly.
This is what is in my session_store.rb in the /initializers directory:
MyApp::Application.config.session_store :active_record_store
Does anyone who knows about CSRF protection in rails have any leads on why this may be happening?
Also, here are some things to note:
- the thing I'm trying to test actually works within the browser itself, only this one test is dropping the session
- the session seems to get dropped after the submission of a form to which the action url is to another server. I'm using the VCR gem for capturing the requests/responses to this external server in the test, and while I believe I've ruled the external request as the problem, this may have something directly to do with the CSRF token not authenticating, thus clearing out the session.
- other tests involving logging in / using sessions are not dropping sessions
Can anyone give me any leads as to what is going on here exactly, and why the one test just seems to arbitrarily drop its session and fail on me? I've done lots of debugging and have tried everything I can possible think of.
I'm new to capybara too and I was having a similar problem.
I was trying to login a user doing something like this:
post user_session_path, :user => {:email => user.email, :password => 'superpassword'}
And that was working ok until I tried to do something with capybara, such as visiting a page and just testing if the user was logged in. This simple test was not passing:
visit root_path
page.should have_content("logout") #if the user is logged in then the logout link should be present
At first I thought capybara was clearing the sessions but I was wrong. The thing that took me some time to realize is that the driver capybara is using handles its own sessions, so, from the point of view of capybara my user was never logged in. To do so you have to do it like this
page.driver.post user_session_path, :user => {:email => user.email, :password => 'superpassword'}
Not sure if this is your case, but hope that helps.
这篇关于Rails - 失去与集成测试和Capybara - CSRF相关的会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
