设计注销 - 黄瓜步骤失败但应用程序正常运行

时间:2015-01-26 20:49:46

标签: ruby-on-rails-4 devise cucumber declarative-authorization

红宝石-2.2.0 Rails的4.2 制定-3.4.1 Declarative_Authorization-0.5.7

我正在将Rails-3.2应用程序转换为Rails-4。该应用程序采用Devise身份验证和声明授权。我正在使用默认的Devise控制器。

在这个时刻,我已经通过了大部分身份验证方案。然而,我遇到的是我无法通过Cucumber注销,但我可以在浏览器中注销。有问题的步骤如下:

 When /select end the current session/ do
  selector_type = "#"
  selector_value = link = "session_end_action_id"
  selector = selector_type + selector_value
  click_button( selector_value )
end

路线如下:

. . .
                  new_user_session GET    /users/sign_in(.:format)                                        devise/sessions#new
                      user_session POST   /users/sign_in(.:format)                                        devise/sessions#create
              destroy_user_session DELETE /users/sign_out(.:format)                                       devise/sessions#destroy
                     user_password POST   /users/password(.:format)                                       devise/passwords#create
                 new_user_password GET    /users/password/new(.:format)                                   devise/passwords#new
                edit_user_password GET    /users/password/edit(.:format)                                  devise/passwords#edit
                                   PATCH  /users/password(.:format)                                       devise/passwords#update
                                   PUT    /users/password(.:format)                                       devise/passwords#update
                       user_unlock POST   /users/unlock(.:format)                                         devise/unlocks#create
                   new_user_unlock GET    /users/unlock/new(.:format)                                     devise/unlocks#new
                                   GET    /users/unlock(.:format)                                         devise/unlocks#show
                           account POST   /account(.:format)                                              users#create
                       new_account GET    /account/new(.:format)                                          users#new
                      edit_account GET    /account/edit(.:format)                                         users#edit
                                   GET    /account(.:format)                                              users#show
                                   PATCH  /account(.:format)                                              users#update
                                   PUT    /account(.:format)                                              users#update
                                   DELETE /account(.:format)                                              users#destroy
                      authenticate GET    /authenticate(.:format)                                         devise/sessions#new

. . .

                    users#index
                                   POST   /users(.:format)                                                users#create
                          new_user GET    /users/new(.:format)                                            users#new
                         edit_user GET    /users/:id/edit(.:format)                                       users#edit
                              user GET    /users/:id(.:format)                                            users#show
                                   PATCH  /users/:id(.:format)                                            users#update
                                   PUT    /users/:id(.:format)                                            users#update
                                   DELETE /users/:id(.:format)                                            users#destroy

. . .

视图中的代码如下所示:

  <%-if current_user-%>
  <span class="authenticated_session" id="authenticated_session">
  <%=button_to( I18n.t( :session_end ).strip.titleize, 
      :destroy_user_session, 
      :class => "button logout",
      :confirm => I18n.t( :session_end_confirm ).strip.titleize,
      :id => :session_end_action_id,
      :method => :delete, 
      :title => I18n.t( :session_end_logout ).strip.titleize )-%>
  </span
<%-else-%>
  <%=button_to( I18n.t( :session_start ).strip.titleize, 
      :new_user_session, 
      :class => "button login",
      :id => :session_start_action_id_top, 
      :method => :get, 
      :title => I18n.t( :session_start_login ).strip.titleize )-%>
<%-end-%>

当我通过身份验证并按下注销按钮后,我就会退出。当我运行黄瓜步骤时,我从声明授权中获得了授权错误。

  <p class='security classified' style='color: orangered'>
      you are not authorised to access the requested resource</p>    
  <br/>
  <!-- End of header section from layouts/application.html.erb -->

这是在应用程序控制器中生成的:

def permission_denied
  if current_user
    flash[:security_classified] =  I18n.t( :security_classified ).strip
  else
    flash[:security_restricted] =  I18n.t( :security_restricted ).strip
  end
  redirect_back_or_default( welcome_url )
end

这显然是从用户控制器调用的:

  User Load (0.5ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]

  Rendered public/hll_authorisation_notice.html (0.1ms)

  Rendered welcome/show.html.erb within layouts/application (3.6ms)
Completed 200 OK in 105ms (Views: 100.4ms | ActiveRecord: 0.6ms)

Started DELETE "/users/sign_out" for 127.0.0.1 at 2015-01-26 15:19:48 -0500

Processing by UsersController#destroy as HTML
  Parameters: {"id"=>"sign_out"}
   (0.2ms)  SELECT COUNT(*) FROM "users"
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "users"
  Role Load (0.4ms)  SELECT "roles".* FROM "roles" INNER JOIN "clearances" ON "roles"."id" = "clearances"."role_id" WHERE "clearances"."user_id" = ?  [["user_id", 21]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "users"

Redirected to http://www.example.com/welcome
Filter chain halted as :filter_access_filter rendered or redirected
Completed 302 Found in 23ms (ActiveRecord: 1.0ms)

Started GET "/welcome" for 127.0.0.1 at 2015-01-26 15:19:48 -0500
Processing by WelcomeController#show as HTML
   (0.2ms)  SELECT COUNT(*) FROM "users"
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]

  Rendered public/hll_authorisation_notice.html (0.1ms)

  Rendered welcome/show.html.erb within layouts/application (1.5ms)
Completed 200 OK in 61ms (Views: 57.2ms | ActiveRecord: 0.4ms)
   (0.4ms)  rollback transaction

检查(为此目的重新格式化)permission_denied方法中的对象显示:

    #<UsersController:0x00000006ba52d8 @_action_has_layout=true,
 @_routes=nil, @_headers={"Content-Type"=>"text/html"}, @_status=200,
 @_request=#<ActionDispatch::Request:0x00000006ba51c0
 @env={"rack.version"=>[1, 3], "rack.input"=>#<StringIO:0x00000006c378e0>,
 "rack.errors"=>#<StringIO:0x00000006c379a8>, "rack.multithread"=>false,
 "rack.multiprocess"=>true, "rack.run_once"=>false,
 "REQUEST_METHOD"=>"DELETE", "SERVER_NAME"=>"www.example.com",
 "SERVER_PORT"=>"80", "QUERY_STRING"=>"", "PATH_INFO"=>"/users/sign_out",
 "rack.url_scheme"=>"http", "HTTPS"=>"off", "SCRIPT_NAME"=>"",
 "CONTENT_LENGTH"=>"14", "rack.test"=>true, "REMOTE_ADDR"=>"127.0.0.1",
 "HTTP_REFERER"=>"http://www.example.com/",
 "HTTP_HOST"=>"www.example.com",
 "CONTENT_TYPE"=>"application/x-www-form-urlencoded",
 "HTTP_COOKIE"=>"_proforma_session=. . .

因此,这肯定是用户控制器的一个问题。但错误仅在黄瓜运行期间遇到。当我使用Rails服务器提供应用程序并从浏览器访问它时,登录并注销然后我将被注销而没有任何错误,如下面的日志提取中所示。

Started DELETE "/users/sign_out" for ::1 at 2015-01-26 15:45:50 -0500
Processing by Devise::SessionsController#destroy as HTML
  Parameters: {"authenticity_token"=>"Xl9Ui1a6jt8gyjZOuh0lsefUqFI1eEunaXivaEdfwWhMofYhYbRumnZlsRQjwmjWiC1C7sI7O3FwDgEf9lJzJw=="}
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 1]]
   (0.2ms)  SELECT COUNT(*) FROM "users"
   (0.1ms)  begin transaction
   (0.4ms)  UPDATE "users" SET "accessed_at" = '2015-01-26 20:45:50.179843', "changed_at" = '2015-01-26 20:45:50.180748', "lock_version" = 20 WHERE ("users"."id" = 1 AND "users"."lock_version" = 19)
   (103.2ms)  commit transaction
Redirected to http://localhost:3000/

有没有人想过这里会发生什么?在浏览器sign_out中找到的令牌值是否显着?

P.S。如果我这样做:

visit('/users/sign_out')
然后步骤通过。我在这里做了一个疯狂的猜测但是有什么关于与RoR中的html按钮一起使用的javscript可能会导致我所看到的吗?

1 个答案:

答案 0 :(得分:0)

我认为我发现了什么是错的;在研究一个不同且无关的问题时偶然发现了。

我认为这个问题是Capybara使用的默认测试方法:

https://github.com/jnicklas/capybara#selecting-the-driver

  

默认情况下,Capybara使用:rack_test驱动程序,但速度很快   有限:它不支持JavaScript,也不能访问HTTP   Rack应用程序之外的资源,例如远程API和   OAuth服务。要解决这些限制,您可以设置一个   您的功能的不同默认驱动程序。例如,如果你是   喜欢在Selenium中运行所有东西,你可以这样做:

     

Capybara.default_driver = :selenium

     

但是,如果您使用RSpec或Cucumber,您可能会想要   考虑将更快的:rack_test保留为default_driver,并且   仅标记需要支持JavaScript的驱动程序的那些测试   分别使用:js => true@javascript。默认情况下,   使用:selenium driver运行JavaScript测试。您可以   通过设置Capybara.javascript_driver

来更改此设置      

您也可以暂时更改驱动程序(通常在   在/设置和After / teardown块之前):

     

Capybara.current_driver = :webkit # temporarily select different driver   ... tests ...   Capybara.use_default_driver # switch back to default driver

     

注意:切换驱动程序会创建一个新会话,因此您可能不会   能够在测试过程中切换。