Closed adolski closed 1 year ago
@adolski I forgot to ask earlier - do you want me to commit changes for controller tests to the same PR i have open, or do you prefer I start a new branch and new PR for these?
@gaurijo A new PR would be best.
@adolski Okay, will do. I committed some setup related changes to my previous branch but will use a new one moving forward
Normally, when a user clicks a login link, they are redirected to the campus Shibboleth identity provider (IdP). They enter their NetID and password into the form and then upon successful authentication, they are ultimately redirected to the application's /auth/shibboleth/callback
route (handled by SessionsController.create()
). The request includes an "auth hash" containing various information like the user's email, name, and whatever other attributes that we asked the IdP to release when we registered the app with it.
In the test environment, we don't have access to an IdP. So we define a method in the ActiveSupport::TestCase
class (in test/test_helper.rb
) that simulates a login by sending a request to the /auth/shibboleth/callback
route as if a user had just successfully logged in:
##
# @param user [User]
#
def log_in_as(user)
post "/auth/shibboleth/callback", env: {
"omniauth.auth": {
provider: "shibboleth",
"Shib-Session-ID": SecureRandom.hex,
uid: user.email,
info: {
email: user.email
},
extra: {
raw_info: {
}
}
}
}
end
(A real request would contain more info than that in the info
and extra.raw_info
keys. But this is enough to make it work in testing.)
Now, from any test, we can do something like:
test "this is a test of something" do
user = users(:somebody)
log_in_as(user)
...
end
Once you log in, you will remain logged in even across tests, so you should remember to log out. Here is the logout counterpart to log_in_as()
which can be used the same way:
def log_out
delete logout_path
end
I have the auth hash set up in the ActiveSupport::TestCase
, but I'm not quite understanding how it gets called on in a test.
For example with Books I have fixture data to call on in test cases. Once this auth hash is setup, where does a user get called from if I have user = users(:example)
in my test, since there isn't a users table?
Oops, I forgot that the Book Tracker doesn't have a User model!
It doesn't need one because it doesn't track any actions related to users, and it considers anyone who is a member of the "Library Medusa Admins" AD group to be authorized.
So, you could modify the log_in_as(user)
method to just log_in
, and replace user.email
with some fake email.
@gaurijo In some of the tests, particularly of TasksController, you'll have to "log in" from the tests. Let me know when you get to that and I'll help.