This is a brief post showing you some functional test examples that test site authentication. I'm testing both format:html (via sessions), and format:xml (via HTTP Basic Auth).
Format HTML tests (session authorization):
```ruby
# The third argument to `get` is the session hash; :user marks who is logged in.
test "should show user's account when logged in" do
  get :account, { :id => @user.to_param }, { :user => @user.to_param }
  assert_response :success
end

# No session hash is passed, so the request is anonymous.
test "shouldn't show user's account when not logged in" do
  get :account, { :id => @user.to_param }
  assert_redirected_to new_session_path
end

# Logged in as @user, but requesting @other_user's edit page.
test "shouldn't get edit as logged in as different user" do
  get :edit, { :id => @other_user.to_param }, { :user => @user.to_param }
  assert_redirected_to user_path(@other_user)
end
```
Format XML Tests (http_auth authorization):
```ruby
# A valid session is present, but XML requests must carry HTTP Basic credentials.
test "shouldn't show account (xml) without http_auth provided" do
  get :account, { :format => 'xml', :id => @user.to_param }, { :user => @user.to_param }
  assert_response :unauthorized
end

# Valid credentials in the Authorization header, no session.
test "should show account (xml) with http_auth provided" do
  @request.env['HTTP_AUTHORIZATION'] = encode_credentials(@user.user_name, password_for(@user))
  get :account, { :format => 'xml', :id => @user.to_param }
  assert_response :success
end

# Credentials that match no user.
test "shouldn't show account (xml) with bad http_auth provided" do
  @request.env['HTTP_AUTHORIZATION'] = encode_credentials('foo', 'bar')
  get :account, { :format => 'xml', :id => @user.to_param }
  assert_response :unauthorized
end
```
N.B.
Assumes that in your test helper files you have a password_for(user) method.
Assumes the following test setup:
```ruby
setup do
  @user = users(:joe)
  @other_user = users(:jane)
end
```
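As a stand-alone illustration of what the XML tests exercise (an added example, not code from the original post): the header value the tests place in HTTP_AUTHORIZATION and a server-side check that yields the statuses they assert. `TEST_PASSWORDS`, `authenticate_xml` and `secure_equal?` are hypothetical names, the passwords are constructed sample data, and `password_for` takes a user name here rather than a fixture object.

```ruby
require "digest"

# Constructed test data (hypothetical): user name => plaintext fixture password.
TEST_PASSWORDS = { "joe" => "joes-test-password", "jane" => "janes-test-password" }.freeze

# Stand-in for the test helper the post assumes; takes a user name here.
def password_for(user_name)
  TEST_PASSWORDS.fetch(user_name)
end

# Builds the value the tests put in HTTP_AUTHORIZATION: "Basic " + base64("user:password").
def encode_credentials(user_name, password)
  "Basic " + ["#{user_name}:#{password}"].pack("m0")
end

# Compares fixed-length digests without stopping at the first differing byte.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (l, r)| acc | (l ^ r) }.zero?
end

# Hypothetical server-side check for format:xml requests. The session is ignored
# on purpose: only the Authorization header can authenticate an XML request.
def authenticate_xml(env, _session = {})
  scheme, token = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
  return :unauthorized unless scheme.to_s.casecmp?("basic") && token

  begin
    decoded = token.unpack1("m0") # strict decode; raises on malformed base64
  rescue ArgumentError
    return :unauthorized
  end

  # Split on the first colon only, so passwords may themselves contain ":".
  user_name, password = decoded.split(":", 2)
  return :unauthorized if password.nil?

  expected = TEST_PASSWORDS[user_name]
  # Always run the comparison, even for unknown users, before deciding.
  matches = secure_equal?(password, expected || "")
  expected && matches ? :success : :unauthorized
end
```

Malformed base64 and a header with no colon-separated password are two further cases worth a functional test alongside the three above.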