Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to test posts in Rails / Capybara / Cucumber or Rspec

Tags:

ruby-on-rails

rspec

cucumber

capybara

I'm using rspec, cucumber and capybara and I'm looking for a way to test that a malicious user can't hack a form then post to an url he/she doesn't have permission to. I have my permissions set up in cancan such that this "should" work, however, the only way I can test it is by hacking a form myself.

How can I automate this sort of testing? With webrat I could do this in a unit test with rspec with something like 

put :update, :user_id => @user.id, :id => @user_achievement.id
response.should contain("Error, you don't have permission to access that!")

In capybara, however, visit only does get's it seems. I can't find a way to do this, I've googled everwhere.

Any help would be much appreciated, Thanks

like image 548
Andrej Avatar asked Feb 23 '11 23:02

Andrej

People also ask

What is the difference between RSpec and cucumber?

The main difference between RSpec and Cucumber are the business readability factor. Cucumber's main draw is that the specification (features) are separate from the test code, so your product owners can provide or review the specification without having to dig through code.

What is RSpec and capybara?

Capybara and RSpec can be categorized as "Testing Frameworks" tools. Capybara and RSpec are both open source tools. It seems that Capybara with 8.85K GitHub stars and 1.29K forks on GitHub has more adoption than RSpec with 2.53K GitHub stars and 202 GitHub forks.

What is cucumber capybara?

cucumber is a BDD tool that expresses testing scenarios in a business-readable, domain-specific language. capybara is an automated testing tool (often used) for ROR applications.

What is Capybara in Rails?

What is Capybara? Capybara is an acceptance test framework for web applications. It's a common choice for end-to-end, acceptance, or integration testing in Rails applications. It allows developers to simulate a user on a web page and make assertions based on the content and environment of the page.

1 Answers

I think you can do this with rack-test https://github.com/brynary/rack-test

in your Gemfile:

gem 'rack-test'

in your env.rb file

module CapybaraApp
  def app; Capybara.app; end
end
World(CapybaraApp)
World(Rack::Test::Methods)

step defintions somewhere:

When /^I send a POST request to "([^"]*)"$/ do |path|
  post path
end

Most of what I learned came from here: http://www.anthonyeden.com/2010/11/testing-rest-apis-with-cucumber-and-rack-test

UPDATE: I think you can skip the changes to your env.rb file with newer versions of Rails and/or Cucumber (not sure which, I just don't do that part on my newer projects and it works fine)

like image 116
Josh Crews Avatar answered Oct 20 '22 09:10

Josh Crews
Sign in to Comment

Related questions

Use separate authentication model with Devise on Rails
How to Rescue from ActionDispatch::ParamsParser::ParseError in Rails 4
What is wrong with readline?
Local Gem Path For Development And Remote Git Repo For Production
Elasticsearch out of sync when overwhelmed on HTTP at test suite
Is there a Rails 4 circular dependent: :destroy workaround?
redirect_to with :anchor. The :anchor gets lost on the Show action but works fine on Create
undefined method `includes' for object instance
Redirect User to Signup
Rails ActiveRecord Includes with Inner Join
Rails/Devise sign-in doesn't work on Safari (422/CSRF error)
How can I create a second Rails in-memory store cache?
Unable to turn off SQL logging in my Rails production environment
rails has_many :through has_many :through
Ruby on Rails ActiveRecord: pluralization
How to build a JSON response made up of multiple models in Rails
In rails, how to destroy a 'join table item' with out deleting the real record?
Should a model method call 'save' itself?
What does "Anonymous modules have no name to be referenced by" really mean?
Render template and change url string in browser?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!