Rails/Rspec Make tests pass with http basic authentication

Asked 22/9, 2010 at 11:25 Answered 5/8, 2021 at 15:51

Solved ruby-on-rails rspec http-authentication

Here's my http basic authentication in the application controller file (application_controller.rb)

before_filter :authenticate

protected

def authenticate
  authenticate_or_request_with_http_basic do |username, password|
    username == "username" && password == "password"  
  end
end

and the default test for the index action of my home controller (spec/controllers/home_controller_spec.rb)

require 'spec_helper'

describe HomeController do

describe "GET 'index'" do
  it "should be successful" do
    get 'index'
    response.should be_success
  end
end

The test doesn't run because of the authentication method. I could comment out "before_filter :authenticate" to run them but I would like to know if there is way to make them worked with the method.

Thank you!

Vani answered 22/9, 2010 at 11:25 Comment(1)

As of Rails 6, it looks like this answer is the working one. – Grackle 19/11, 2021 at 15:59

146

Update (2013): Matt Connolly has provided a GIST which also works for request and controller specs: http://gist.github.com/4158961

Another way of doing this if you have many tests to run and don't want to include it everytime (DRYer code):

Create a /spec/support/auth_helper.rb file:

module AuthHelper
  def http_login
    user = 'username'
    pw = 'password'
    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,pw)
  end  
end

In your test spec file:

describe HomeController do
  render_views

  # login to http basic auth
  include AuthHelper
  before(:each) do
    http_login
  end

  describe "GET 'index'" do
    it "should be successful" do
      get 'index'
      response.should be_success
    end
  end

end

Credit here - Archived site

Porky answered 8/3, 2011 at 22:21 Comment(7)

it shows request is nil for me. any idea how to get a workaround? – Africanist 5/4, 2012 at 20:1

For request specs, you can have multiple requests, so request is nil. Instead you need to create an env hash env = {}, update that in your http_login method, and then pass in the env explicitly as in get '/', {}, env. – Melmela 24/10, 2012 at 4:21

Expanding on the above, which works for request and controller specs: gist.github.com/4158961 – Subsolar 28/11, 2012 at 4:5

+1 for the gist from Matt Connolly; it solved my problem when nothing else did. BTW, I tried to use the Rack::Test authorize method - didn't work. – Fideism 2/3, 2013 at 12:1

I get Failure/Error: @request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials("test_access1") NoMethodError: undefined method `env' for nil:NilClass when I try to use this.. why ? – Cowgill 19/6, 2014 at 5:59

A slightly more convenient take on this: gist.github.com/lehresman/794f261708c82962763f – Concernment 29/7, 2015 at 13:48

It's worth mentioning, that you can also pass auth info directly as a 3rd argument: get '/repp/v1/contacts', { limit: 1, details: true }, { 'HTTP_AUTHORIZATION' => encoded_auth_key } – Bon 1/12, 2016 at 13:47

Sorry I didn't search enough, the solution seems to be the following:

describe "GET 'index'" do
  it "should be successful" do
    @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("username:password")
    get 'index'
    response.should be_success
  end
end

Vani answered 22/9, 2010 at 11:36 Comment(0)

Some answers suggest to set request.env which is unsafe, because request can be nil and you will end up with private method env' called for nil:NilClass, especially when run single tests with rspec -e

Correct approach will be:

def http_login
  user = 'user'
  password = 'passw'
  {
    HTTP_AUTHORIZATION: ActionController::HttpAuthentication::Basic.encode_credentials(user,password)
  }
end

get 'index', nil, http_login

post 'index', {data: 'post-data'}, http_login

Preston answered 22/12, 2016 at 19:56 Comment(1)

Thanks, this is the only approach that worked for my system tests using Capybara. – Boa 20/2, 2019 at 10:42

For me, with Rails 6, I need keyword arguments for rspec get method like .. get route, params: params, headers: headers

Auth Helper method

module AuthHelper
  def headers(options = {})
    user = ENV['BASIC_AUTH_USER']
    pw = ENV['BASIC_AUTH_PASSWORD']

    { HTTP_AUTHORIZATION: ActionController::HttpAuthentication::Basic.encode_credentials(user,pw) }
  end
  def auth_get(route, params = {})
    get route, params: params, headers: headers
  end
end

and the rspec request test.

describe HomeController, type: :request do    
  include AuthHelper

  describe "GET 'index'" do
    it "should be successful" do
      auth_get 'index'
      expect(response).to be_successful
    end
  end

end

Goy answered 5/8, 2021 at 15:51 Comment(0)

When using Rspec to test Grape APIs, the following syntax works

        post :create, {:entry => valid_attributes}, valid_session

where valid_session is

{'HTTP_AUTHORIZATION' => credentials}

and

credentials = ActionController::HttpAuthentication::Token.encode_credentials("test_access1")

Cowgill answered 19/6, 2014 at 6:14 Comment(0)

These are great solutions for controller and request specs.

For feature tests using Capybara, here is a solution to make HTTP Basic authentication work:

spec/support/when_authenticated.rb

RSpec.shared_context 'When authenticated' do
  background do
    authenticate
  end

  def authenticate
    if page.driver.browser.respond_to?(:authorize)
      # When headless
      page.driver.browser.authorize(username, password)
    else
      # When javascript test
      visit "http://#{username}:#{password}@#{host}:#{port}/"     
     end
  end

  def username
    # Your value here. Replace with string or config location
    Rails.application.secrets.http_auth_username
  end

  def password
    # Your value here. Replace with string or config location
    Rails.application.secrets.http_auth_password
  end

  def host
    Capybara.current_session.server.host
  end

  def port
    Capybara.current_session.server.port
  end
end

Then, in your spec:

feature 'User does something' do
  include_context 'When authenticated'

  # test examples
end

Fluorine answered 9/9, 2015 at 17:2 Comment(2)

Very helpful ! :) – Dudden 16/5, 2017 at 20:49

Doesn't work, in Chrome, IE and Safari (at least) you can't log in http auth with a url anymore – Ozellaozen 17/7, 2019 at 12:54

My solution:

stub_request(method, url).with(
  headers: { 'Authorization' => /Basic */ }
).to_return(
  status: status, body: 'stubbed response', headers: {}
)

Use gem webmock

you can tighten verification by change:

/Basic */ -> "Basic #{Base64.strict_encode64([user,pass].join(':')).chomp}"

URL - can be a regular expression

Profanity answered 21/7, 2020 at 8:58 Comment(1)

I think you don't need chomp in last snippet, because strict_encode64 does not add newlines as doc says – Amputate 20/11, 2023 at 15:7

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags