Rails/Rspec Make tests pass with http basic authentication

Question

Here's my http basic authentication in the application controller file (application_controller.rb)

before_filter :authenticate

protected

def authenticate
  authenticate_or_request_with_http_basic do |username, password|
    username == "username" && password == "password"  
  end
end

and the default test for the index action of my home controller (spec/controllers/home_controller_spec.rb)

require 'spec_helper'

describe HomeController do

describe "GET 'index'" do
  it "should be successful" do
    get 'index'
    response.should be_success
  end
end

The test doesn't run because of the authentication method. I could comment out "before_filter :authenticate" to run them but I would like to know if there is way to make them worked with the method.

Thank you!

As of Rails 6, it looks like this answer is the working one. — Jason Swett
– Jason Swett, Commented Nov 19, 2021 at 15:59

notapatch · Accepted Answer · 2023-01-18 23:07:23Z

146

Update (2013): Matt Connolly has provided a GIST which also works for request and controller specs: http://gist.github.com/4158961

Another way of doing this if you have many tests to run and don't want to include it everytime (DRYer code):

Create a /spec/support/auth_helper.rb file:

module AuthHelper
  def http_login
    user = 'username'
    pw = 'password'
    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,pw)
  end  
end

In your test spec file:

describe HomeController do
  render_views

  # login to http basic auth
  include AuthHelper
  before(:each) do
    http_login
  end

  describe "GET 'index'" do
    it "should be successful" do
      get 'index'
      response.should be_success
    end
  end

end

Credit here - Archived site

edited Jan 18, 2023 at 23:07

notapatch

7,3136 gold badges44 silver badges54 bronze badges

answered Mar 8, 2011 at 22:21

iwasrobbed

46.8k21 gold badges152 silver badges195 bronze badges

Sign up to request clarification or add additional context in comments.

7 Comments

chourobin Over a year ago

it shows request is nil for me. any idea how to get a workaround?

Jonathan Tran Over a year ago

For request specs, you can have multiple requests, so request is nil. Instead you need to create an env hash env = {}, update that in your http_login method, and then pass in the env explicitly as in get '/', {}, env.

Matt Connolly Over a year ago

Expanding on the above, which works for request and controller specs: gist.github.com/4158961

JESii Over a year ago

+1 for the gist from Matt Connolly; it solved my problem when nothing else did. BTW, I tried to use the Rack::Test authorize method - didn't work.

deepwinter Over a year ago

I get Failure/Error: @request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials("test_access1") NoMethodError: undefined method `env' for nil:NilClass when I try to use this.. why ?

|

benoitr · Accepted Answer · 2023-09-18 11:25:09Z

21

Sorry I didn't search enough, the solution seems to be the following:

describe "GET 'index'" do
  it "should be successful" do
    @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("username:password")
    get 'index'
    response.should be_success
  end
end

edited Sep 18, 2023 at 11:25

answered Sep 22, 2010 at 11:36

benoitr

6,1057 gold badges47 silver badges67 bronze badges

Comments

Ken Ratanachai S. · Accepted Answer · 2021-08-05 15:51:57Z

9

For me, with Rails 6, I need keyword arguments for rspec get method like .. get route, params: params, headers: headers

Auth Helper method

module AuthHelper
  def headers(options = {})
    user = ENV['BASIC_AUTH_USER']
    pw = ENV['BASIC_AUTH_PASSWORD']

    { HTTP_AUTHORIZATION: ActionController::HttpAuthentication::Basic.encode_credentials(user,pw) }
  end
  def auth_get(route, params = {})
    get route, params: params, headers: headers
  end
end

and the rspec request test.

describe HomeController, type: :request do    
  include AuthHelper

  describe "GET 'index'" do
    it "should be successful" do
      auth_get 'index'
      expect(response).to be_successful
    end
  end

end

answered Aug 5, 2021 at 15:51

Ken Ratanachai S.

3,58737 silver badges45 bronze badges

Comments

Daniel Garmoshka · Accepted Answer · 2016-12-22 19:56:23Z

8

Some answers suggest to set request.env which is unsafe, because request can be nil and you will end up with private method env' called for nil:NilClass, especially when run single tests with rspec -e

Correct approach will be:

def http_login
  user = 'user'
  password = 'passw'
  {
    HTTP_AUTHORIZATION: ActionController::HttpAuthentication::Basic.encode_credentials(user,password)
  }
end

get 'index', nil, http_login

post 'index', {data: 'post-data'}, http_login

answered Dec 22, 2016 at 19:56

Daniel Garmoshka

6,39847 silver badges47 bronze badges

1 Comment

Simon Jakobi Over a year ago

Thanks, this is the only approach that worked for my system tests using Capybara.

deepwinter · Accepted Answer · 2014-06-19 06:14:04Z

4

When using Rspec to test Grape APIs, the following syntax works

        post :create, {:entry => valid_attributes}, valid_session

where valid_session is

{'HTTP_AUTHORIZATION' => credentials}

and

credentials = ActionController::HttpAuthentication::Token.encode_credentials("test_access1")

answered Jun 19, 2014 at 6:14

deepwinter

4,7082 gold badges34 silver badges39 bronze badges

Comments

madcow · Accepted Answer · 2015-09-09 17:02:41Z

4

These are great solutions for controller and request specs.

For feature tests using Capybara, here is a solution to make HTTP Basic authentication work:

spec/support/when_authenticated.rb

RSpec.shared_context 'When authenticated' do
  background do
    authenticate
  end

  def authenticate
    if page.driver.browser.respond_to?(:authorize)
      # When headless
      page.driver.browser.authorize(username, password)
    else
      # When javascript test
      visit "http://#{username}:#{password}@#{host}:#{port}/"     
     end
  end

  def username
    # Your value here. Replace with string or config location
    Rails.application.secrets.http_auth_username
  end

  def password
    # Your value here. Replace with string or config location
    Rails.application.secrets.http_auth_password
  end

  def host
    Capybara.current_session.server.host
  end

  def port
    Capybara.current_session.server.port
  end
end

Then, in your spec:

feature 'User does something' do
  include_context 'When authenticated'

  # test examples
end

answered Sep 9, 2015 at 17:02

madcow

2,6331 gold badge17 silver badges31 bronze badges

2 Comments

user5853457 Over a year ago

Very helpful ! :)

scoudert Over a year ago

Doesn't work, in Chrome, IE and Safari (at least) you can't log in http auth with a url anymore

Viktor Ivliiev · Accepted Answer · 2020-07-21 12:21:01Z

0

My solution:

stub_request(method, url).with(
  headers: { 'Authorization' => /Basic */ }
).to_return(
  status: status, body: 'stubbed response', headers: {}
)

Use gem webmock

you can tighten verification by change:

/Basic */ -> "Basic #{Base64.strict_encode64([user,pass].join(':')).chomp}"

URL - can be a regular expression

edited Jul 21, 2020 at 12:21

answered Jul 21, 2020 at 8:58

Viktor Ivliiev

1,3545 gold badges17 silver badges26 bronze badges

1 Comment

qd3v Over a year ago

I think you don't need chomp in last snippet, because strict_encode64 does not add newlines as doc says

Collectives™ on Stack Overflow

Rails/Rspec Make tests pass with http basic authentication

7 Answers 7

7 Comments

Comments

Comments

1 Comment

Comments

2 Comments

1 Comment

Linked

Hot Network Questions

Collectives™ on Stack Overflow

7 Answers 7

7 Comments

Comments

Comments

1 Comment

Comments

2 Comments

1 Comment

Linked

Related