No commit activity in last 3 years
No release in over 3 years
Quickly check that your Rails controller actions require authentication
 Project Readme

RSpec Check-Auth

Check-Auth makes it easier to test that your controller actions require authentication.

Installation

gem install rspec-check-auth

To use check-auth you need to give it a block. The block is passed a request format and returns the right bit of assertion code for that format, as a string to be eval'd. For instance, an HTML request should be redirected, whereas an XML request should just get a 403 response.

Here's an example block that expects HTML to be redirected to login_url and XML/JSON requests to be given a 403 response:

CheckAuth.checking_block do |format|
  case format
  when :html
    a = <<-EOF
      response.should be_redirect
      response.location.should == login_url
    EOF
  when :xml
    "response.should be_unauthorised"
  when :json
    "response.should be_unauthorised"
  else
    %Q{raise "#{format} not defined in checking_block"}
  end
end

Usage

require "rspec_check_auth"

CheckAuth knows about different HTTP methods, and can figure out the usual crowd (POST create, DELETE destroy, etc.). You can override the method by passing a :method argument.

check_auth_for do |c|
	c.index
	c.index :method => :post
end

You can test your resourceful controller in one fell swoop too.

check_auth_for {|c| c.resource_actions }

Feel free to add any additional params for the resources, or any normal action.

check_auth_for do |c|
	c.resource_actions :parent_id => "some_id"
	c.parent_info :parent_id => "some_id"
end

By default it tests via HTML and XML, but adding more or fewer formats is no issue. Just pass the :format arg.

check_auth_for do |c|
	c.resource_actions :format => :html
	c.parent_info :format => [:html, :json]
end

Only want some of the usual crowd? No problem, just pass the :only param and resource_actions will only include those specified.

check_auth_for {|c| c.resource_actions :only => [:new, :create, :edit, :update] }

And if you don't want some, but want everything else? Pass :except and those specified will be left out.

check_auth_for {|c| c.resource_actions :except => [:new, :create, :edit, :update] }

And finally here's a proper example from a Brightbox controller spec.

check_auth_for do |c|
	c.resource_actions
	c.index :format => :json # above line does html/xml
	c.find_available_items :parent_id => 0, :size => 0, :format => :xml
	c.mailer :id => "some_id"
	c.mailer :method => :post, :id => "some_id"
end
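
To see which requests a spec like the ones above actually covers, here is a small stand-alone model of the option expansion. It is an added example, not code from rspec-check-auth or its README. The helper names, the REST method table (older Rails convention, update as PUT) and the GET default for custom actions are assumptions; only the HTML/XML default comes from the README.

```ruby
# Illustrative model only; not rspec-check-auth's implementation.
# Assumed REST defaults (Rails convention of the gem's era; update as PUT).
REST_METHODS = {
  index: :get, show: :get, new: :get, edit: :get,
  create: :post, update: :put, destroy: :delete
}.freeze
DEFAULT_FORMATS = [:html, :xml].freeze # the README's stated default

# Expand one action into [http_method, action, format, params] rows.
def expand_action(action, opts = {})
  opts = opts.dup
  # Assumption: custom (non-REST) actions default to GET.
  method  = opts.delete(:method) || REST_METHODS.fetch(action, :get)
  formats = Array(opts.delete(:format) || DEFAULT_FORMATS)
  formats.map { |fmt| [method, action, fmt, opts] }
end

# Expand the seven resource actions, honouring :only / :except.
def expand_resource_actions(opts = {})
  opts    = opts.dup
  only    = opts.delete(:only)
  except  = Array(opts.delete(:except))
  actions = REST_METHODS.keys
  actions &= Array(only) if only
  actions -= except
  actions.flat_map { |a| expand_action(a, opts) }
end

# Resource (action, format) pairs that no row checks: the coverage gaps.
def uncovered(rows, formats)
  covered = rows.map { |_, action, fmt, _| [action, fmt] }
  REST_METHODS.keys.product(formats) - covered
end

# Constructed spec mirroring the README's :only and :format examples.
ROWS = expand_resource_actions(only: [:new, :create, :edit, :update]) +
       expand_action(:index, format: :json)

if __FILE__ == $PROGRAM_NAME
  ROWS.each do |verb, action, fmt, params|
    puts format("%-6s %-8s %-5s %p", verb.to_s.upcase, action, fmt, params)
  end
  uncovered(ROWS, [:html, :xml, :json]).each { |a, f| puts "UNCHECKED #{a}.#{f}" }
end
```

The UNCHECKED lines are the useful part: any action and format pair that the spec never requests gets no authentication check at all, which is why the Brightbox example adds index as JSON on top of resource_actions.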

Licence

See LICENCE