3

Do any of you know how to do (implement) something like this:

sample.feature

```gherkin
...
Scenario: unauthorized user cannot delete event
  Given list of events
  When event is deleted
  Then nothing happen
...
```

sample_steps.rb

```ruby
...
When /^event is deleted$/ do
  delete (_path_to_controller_ + "/%d" % @events.first().id)
...
```

Of course, in this step I want to send a request according to the result of `rake routes`, which is something like this (I've moved the resources under the admin path):

rake routes

```
...
DELETE /admin/controller_name/:id(.:format)         controller_name#destroy
...
```

I have been experimenting and searching the internet for so long, and yet I still don't know how to do it :(

Monar

2 Answers

1

I've used Rack::Test in the past to send DELETE requests to an API:

```ruby
When /^event is deleted$/ do
  header 'Accept', 'application/json'
  header 'Content-Type', 'application/json'

  # Send HTTP Basic credentials with the request
  authorize "username", "password"
  url = _path_to_controller_ + "/%d" % @events.first.id

  delete url
end
```

Having said that, I'm not sure I'd recommend it in your case. Is the event going to be deleted from some action in the interface such as clicking a button? If so, you should use capybara to log in and click the button. This gives you the benefit of full integration coverage and you don't have to deal with Rack::Test (not that it's a bad tool, but it's another tool).

Peter Brown
  • Thx, I just wanted to check if manual hacking is possible, despite the Capybara approach of clicking through all the links. – Monar Nov 21 '12 at 21:22
  • I've just tested it in the opposite situation. I tried to delete an event as admin and `delete` returned a `Rack::MockResponse` with the error: `{"error":"You need to sign in or sign up before continuing."}`, but I'm able to open pages via `visit` from _capybara_, which means I'm logged in!? I'm new to Rails, so I'm probably missing something obvious? – Monar Nov 21 '12 at 22:12
  • It's because the Rack::Test request is running in a separate process and requires its own user to be logged in. Did you add the authorize call? – Peter Brown Nov 21 '12 at 22:51
  • Yes, I did... the problem was *gem devise* and its default configuration. – Monar Nov 22 '12 at 00:40
0

Uff, I've solved the problem. Great thanks to Beerlington.

So in this post I will sum up my time with the problem and its solution.

Related topics and documentation

Background

I'm using the devise gem for authentication. My goal was to check whether manual hacking of resource management features like delete is possible.

Problem

Above ;D

Solution

```ruby
When /^event is deleted$/ do
  header 'Accept', 'application/json'
  header 'Content-Type', 'application/json'

  # Send HTTP Basic credentials with the request
  authorize "username", "password"
  url = _path_to_controller_ + "/%d" % @events.first.id

  delete url
end
```

is not working with the default devise configuration, because it uses HTTP authentication, which is disabled by default.

config/initializers/devise.rb

```ruby
# Tell if authentication through HTTP Basic Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:token]` will
# enable it only for token authentication.
# config.http_authenticatable = false
```

So if we want to make the above test work, we need to change the last line to:

```ruby
config.http_authenticatable = true
```

But the question is: do we really wanna do it?

And as a last note: header calls are optional. Records are deleted with or without them.

  • with them, delete returns with status code: 204 No Content
  • and without them, delete returns with status code: 302 Found
Community
Monar
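
The behaviour discussed in both answers, as an added example that is not part of the original posts and is not Devise's code: a small stand-in Rack-style app showing that Basic credentials sent by `authorize` are ignored while HTTP authentication is switched off, and that an authorization test should check the stored records as well as the status code. The names `USERS`, `build_app`, `delete_env` and `attempt_delete`, the `/admin/events` path, the sample data and the 401 status are assumptions made for the example.

```ruby
# Stand-in for the app under test (added example, not Devise's code).
# USERS, build_app, delete_env and attempt_delete are hypothetical names.
USERS = { "username" => "password" }.freeze # constructed credentials

# Rack-compatible lambda guarding DELETE /admin/events/:id.
# http_authenticatable models the Devise switch: when false, an
# Authorization: Basic header is ignored and the request stays anonymous.
def build_app(events, http_authenticatable:)
  lambda do |env|
    user = nil
    auth = env["HTTP_AUTHORIZATION"].to_s
    if http_authenticatable && auth.start_with?("Basic ")
      name, pass = auth.delete_prefix("Basic ").unpack1("m").split(":", 2)
      user = name if USERS.key?(name) && USERS[name] == pass
    end
    unless user # assumed response for an anonymous API request
      return [401, { "content-type" => "application/json" },
              ['{"error":"You need to sign in or sign up before continuing."}']]
    end
    return [405, {}, []] unless env["REQUEST_METHOD"] == "DELETE"
    id = env["PATH_INFO"][%r{\A/admin/events/(\d+)\z}, 1]
    return [404, {}, []] unless id && events.delete(id.to_i)
    [204, {}, []]
  end
end

# Env for a DELETE request; credentials become the Basic header that
# Rack::Test's `authorize` would send.
def delete_env(path, credentials: nil)
  env = { "REQUEST_METHOD" => "DELETE", "PATH_INFO" => path }
  env["HTTP_AUTHORIZATION"] = "Basic " + [credentials.join(":")].pack("m0") if credentials
  env
end

# One request against fresh constructed data; returns [status, remaining ids]
# so a step can assert on the response and on what is still stored.
def attempt_delete(http_authenticatable:, credentials: nil)
  events = { 1 => "constructed event", 2 => "another constructed event" }
  app = build_app(events, http_authenticatable: http_authenticatable)
  status, = app.call(delete_env("/admin/events/1", credentials: credentials))
  [status, events.keys]
end
```

For the "unauthorized user cannot delete event" scenario, the `Then` step would assert on both returned values: a rejected status and an unchanged list of ids.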