Writing a Test/Method for HTTP Digest Authentication

Question

How would I write a method to be used in rspec testing to access pages that require a username and password for HTTP Digest Authentication. For example, this test...

it "edit" do
  http_login
  post :edit, id: @post
  assigns[:post].should eq(@post)
end

needs http_login method to be something like this...

def http_login

 user = {"username" => 
 Digest::MD5.hexdigest(["username","Application","password"].join(":"))} 

 request.env['HTTP_AUTHORIZATION'] = 
 ActionController::HttpAuthentication::Digest.encode_credentials(?,?,?,?)
end

My question is what do I put in the four arguments for the encode credentials. The arguments are going to be http_method, credentials, password, password_is_ha1 but I'm unsure how to write http_method and credentials to implement in the tests.

(nope. this is for basic). Looks to be answered here http://stackoverflow.com/questions/3768718/rails-rspec-make-tests-to-pass-with-http-basic-authentication — Philip Hallstrom, Nov 17 '12 at 02:43
That's for basic http authentication. I'm doing digest http authentication. — thank_you, Nov 17 '12 at 02:46
Hmm.. I'll test it out later tonight. It looks easy to use. If it works I'll let you know and give you credit for the answer if you post it as an answer. — thank_you, Nov 17 '12 at 03:12

score 2 · Accepted Answer · answered Nov 17 '12 at 04:01

Solution here: https://gist.github.com/1282275

recopied here for posterity

# Adds support for http digest authentication in Rails 3  
# Inspired by: http://lightyearsoftware.com/2009/04/testing-http-digest-authentication-in-rails/
# Place this code in test/test_helper.rb
# In your test, call authenticate_with_http_digest prior to calling get, post, put or delete  
# Tested with Rails 3.0.7

class ActionController::TestCase
  require 'digest/md5'

  def authenticate_with_http_digest(user = API_USERNAME, password = API_PASSWORD, realm = API_REALM)
    ActionController::Base.class_eval { include ActionController::Testing }

    @controller.instance_eval %Q(
      alias real_process_with_new_base_test process_with_new_base_test

      def process_with_new_base_test(request, response)
        credentials = {
      :uri => request.url,
      :realm => "#{realm}",
      :username => "#{user}",
      :nonce => ActionController::HttpAuthentication::Digest.nonce(request.env['action_dispatch.secret_token']),
      :opaque => ActionController::HttpAuthentication::Digest.opaque(request.env['action_dispatch.secret_token'])
        }
        request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Digest.encode_credentials(request.request_method, credentials, "#{password}", false)

        real_process_with_new_base_test(request, response)
      end
    )
  end
end

FYI, if any person wants to put this in rspec just grab the method from the answer and put it into your rpsec helper file. — thank_you, Nov 17 '12 at 07:24

score 1 · Answer 2 · answered Oct 29 '14 at 11:57

1

Here's a solution for RSpec 3.1 and Rails 4 HTTP Digest Auth testing: https://gist.github.com/murbanski/6b971a3edc91b562acaf

answered Oct 29 '14 at 11:57

Marcin Urbanski

2,493
1
16
17

Writing a Test/Method for HTTP Digest Authentication

2 Answers2