如何在Rails / Capybara / Cucumber或Rspec中测试post
我正在使用rspec,黄瓜和水豚,我正在寻找一种方法来测试恶意用户无法破解表单然后发布到他/她没有权限的url。 我已经在cancan中设置了我的权限,这样“应该”可以工作,但是,我可以测试它的唯一方法是自己黑客攻击表单。
如何自动进行此类测试? 有了webrat,我可以用rspec进行unit testing
put :update, :user_id => @user.id, :id => @user_achievement.id response.should contain("Error, you don't have permission to access that!") 然而,在水豚中,访问只是看起来似乎。 我找不到办法做到这一点,我已经google了无处不在。
任何帮助将不胜感激,谢谢
我认为你可以用机架测试https://github.com/brynary/rack-test来做到这一点
在你的Gemfile中:
gem 'rack-test'
在你的env.rb文件中
module CapybaraApp def app; Capybara.app; end end World(CapybaraApp) World(Rack::Test::Methods)
步骤定义:
When /^I send a POST request to "([^"]*)"$/ do |path| post path end
我学到的大部分内容来自这里: http : //www.anthonyeden.com/2010/11/testing-rest-apis-with-cucumber-and-rack-test
更新:我认为你可以跳过你的env.rb文件的更改与更新版本的Rails和/或黄瓜(不知道哪些,我只是不做我的新项目的那部分,它工作正常)
和@Josh Crews一样,我主要基于这个: http ://www.anthonyeden.com/2010/11/testing-rest-apis-with-cucumber-and-rack-test/#comment-159。 但有两个值得注意的例外:1)我测试实际的响应体,2)我演示了如何测试POST请求。 这是使用Rails 3.0.9的示例:
脚步:
# features/step_definitions/api_step.feature When /^I send a GET request to "([^\"]*)"$/ do |url| authorize(User.last.email, "cucumber") header 'Accept', 'application/json' header 'Content-Type', 'application/json' get url end When /^I send a POST request to "([^\"]*)" with:$/ do |url, body| authorize(User.last.email, "cucumber") header 'Accept', 'application/json' header 'Content-Type', 'application/json' post url, body end Then /^the JSON response should have (\d+) "([^\"]*)" elements$/ do |number_of_children, name| page = JSON.parse(last_response.body) page.map { |d| d[name] }.length.should == number_of_children.to_i end Then /^I should receive the following JSON response:$/ do |expected_json| expected_json = JSON.parse(expected_json) response_json = JSON.parse(last_response.body) response_json.should == expected_json end Then /^I should receive the following JSON object response:$/ do |expected_json| expected_json = JSON.parse(expected_json) response_json = JSON.parse(last_response.body) if expected_json['id'] == 'RESPONSE_ID' expected_json['id'] = response_json['id'] end response_json.should == expected_json end
特征:
# features/api/some_feature.feature Feature: Users API Background: Given the following users exist: | id | name | | 1 | Joe | | 2 | Sue | | 3 | Paul | Scenario: Index action When I send a GET request to "/users/" Then the JSON response should have 3 "user" elements And I should receive the following JSON response: """ [ { "id":1, "name":"Joe" }, { "id":2, "name":"Sue" }, { "id":3, "name":"Paul" } ] """ Scenario: Create action When I send a POST request to "/users/" with: """ { "name":"Polly" } """ Then I should receive the following JSON object response: """ { "id":"RESPONSE_ID", "name":"Polly" } """ And I send a GET request to "/users/" And the JSON response should have 4 "user" elements