search

ageweke / fortitude

Views Are Code: use all the power of Ruby to build views in your own language.
MIT License
73 stars 16 forks source link

:csrf_meta_tags helper unavailable? #33

Closed jdickey closed 9 years ago

jdickey commented 9 years ago

When I have a widget that generates a raw-HTML form tag (rather than using form_for or similar helpers), I'm responsible for explicitly including CSRF-protection meta tags as hidden fields. Fine; I'd think that should just be a matter of calling the :csrf_meta_tags helper in the form (which Fortitude lists in Fortitude::Rails::Helpers.

Simple, right? Not so much…

$ docker-compose run --rm app ruby -Itest test/views/form/base_test.rb --fail-fast

# Running tests with run options --fail-fast --seed 27516:

E
Error:
Widgets::Form::Base::has a #to_html method that::with the default control_group_content parameter::renders a containing :form tag with::the correct attributes for#test_0002_accept-charset:
NoMethodError: undefined method `csrf_meta_tags' for Fortitude::Rails::Helpers:Module
    app/views/form/base.rb:33:in `csrf_protection_not_redundant'
    app/views/form/base.rb:16:in `block in content'
    app/views/form/base.rb:47:in `block in form_widget'
    app/views/form/base.rb:47:in `form_widget'
    app/views/form/base.rb:14:in `content'
    test/views/form/base_test.rb:14:in `block (3 levels) in <main>'
    test/views/form/base_test.rb:15:in `block (3 levels) in <main>'
    test/views/form/base_test.rb:32:in `block (6 levels) in <main>'

Interrupted. Exiting...

Finished tests in 0.033643s, 29.7243 tests/s, 0.0000 assertions/s.

1 tests, 0 assertions, 0 failures, 1 errors, 0 skips

What am I missing?

Directly relevant widget source here; any of these tests will demonstrate the failure (as rendering the form to HTML will fail).

ageweke commented 9 years ago

I think this is likely again the same issue as #34: without access to Rails integration, no helpers will work, because the widget isn’t attached to a Rails view_context (which, in turn, requires an instantiated controller). With access to that, it should all just work, and you most definitely shouldn’t have to call it as Fortitude::Rails::Helpers.csrf_meta_tags — just plain csrf_meta_tags should work just fine.

If you find that anything else is going on, by all means, let me know, and I’ll fix it ASAP!