What is the best way to test SSL-only URLs with Capybara? - ruby-on-rails

I've gone round and round trying to come up with the cleanest / easiest way to write request specs for certain pages of my site. I basically need a way to get Capybara to load pages that are only accessible over https. Here are the pertinent details:
I'm currently using RSpec, Capybara and FactoryGirl on Rails 3.1.0
It's an e-commerce site. Some controllers force all actions ssl using the new force_ssl method in the controller class definition while some do not. I need the cart and checkout pages to be always https://, of course, while the rest of the site should remain accessible over http://.
I would be OK with somehow stubbing the SSL aspect of the requests if only I knew how to do it!
I'm sure many people out there have faced this same challenge. How did you do it?

What Capybara driver are you using? It should work fine with Selenium.

Related

Is there a working Devise/Omniauth/Oauth2 interface with Wordpress?

I'm trying to use Wordpress to authenticate my Rails application users with the following Omniauth plugin:
https://github.com/jwickard/omniauth-wordpress-oauth2-plugin
I've followed the instructions carefully, and duplicated his example, but it doesn't work. Which is really surprising, because there's just not that much to it. However, I've found several threads on here like this one, that talk about the same problem I have:
Devise, OmniAuth & Facebook: "Not found. Authentication passthru."
When I click the "Sign in with Wordpress" (which is automatically inserted in my Devise sign-in page), I simply get a 404, with "Not found. Authentication passthru," which is a stub response for the passthru method in the Devise sources. Routes rake just fine, and look like all the examples. I've restarted the server dozens of times.
Despite several attempts to set site: and authorization_url: in the client_options, in both my devise config, and the plugin sources directly, my app never redirects to my Wordpress site. I've got about 10 hours into screwing around with this, and I don't know what's supposed to be responsible for actually sending me to the site to DO the authentication. Further complicating figuring this out is that almost every reference I can find to redirection in this sort of scenario is about the callback to my Rails site, after the authentication is done. I can never get that far.
There's a lot of confusing references to this problem on SO and the internet at large. There's some talk about making a "real" passthru or action_missing method in my OmniauthCallbacksController, but that seems to be outdated information. There's a lot of talk about making sure that I've defined the omniauth_providers in my User model, and I've tried it with and without, but that's not in any of the documentation about this plugin.
I've been trying to look at the plugin's strategy file, and it just doesn't seem that different than other Oauth2 plugins for Facebook, Google, or whatever, that I've been reviewing. It seems like there's a very simple thing I need to set in order to make this all work, but I can't find it, and I've run out of ideas on how to track it down. The plugin was last updated about 5 years ago. Does anyone still use this with modern versions of Devise, Omniauth, and Wordpress? If so, is there a clue you can give me to make it work?
I finally started tracing through the gem, and found where it was failing. As I searched on those further problems, I finally figured out that there were about 25 forks of this gem, and many of them addressed the problem. I used this particular one: https://github.com/bkno/omniauth-wordpress-oauth2-plugin

Any relation between emberjs route and rails route

One project based on emberjs and rails.
When redirect to localhost/#lessons/2, the page works
when redirect to localhost/practices/2#/lessons/2,
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
so what's the difference between 'localhost/#lessons/2' and 'localhost/practices/2#/lessons/2'
If want to make 'localhost/practices/2#/lessons/2' works, how to set emberjs route?
so what's the difference between 'localhost/#lessons/2' and 'localhost/practices/2#/lessons/2'
Difference is the /practices/2 part. That's part of the url's path. By default ember will ignore that, it's just paying attention to the hash, which in both cases is lessons/2.
Like firefox says, seems like the server is redirecting the request.
If want to make 'localhost/practices/2#/lessons/2' works, how to set emberjs route?
Hmmm... that url implies that server/rails is responsible for rendering practices/2 and that you have an ember app on the practices/2 page which should be rendering lessons/2? It's possible but that sounds like a very complicated setup. I'd be surprised if that's what you really want. Probably instead you will want to have localhost/#practices/2/lessons/2. With that setup just use normal ember routing as described here: http://emberjs.com/guides/routing/defining-your-routes/

Password protecting pages simply with rails - what should I do?

I'm now on level 7 of Hartl's rails tutorial book and I'm starting to think about my application in deployment. It's an app that allows about 12 social workers to communicate collaboratively and privately. Thus, I need to password protect it.
However, it also needs to be easy to use, very easy to use. A few of these people haven't used a computer before, and having logging on and sign-up processes would put them off completely.
Thus I want to create a landing page, where they have to type a password in (the same password for everybody), then it redirects to the 'discussion pages.' My first idea was to use some obfuscated javascript such that upon typing in the password, it redirects them to the discussion pages, but this doesn't sound very secure.
Can anyone recommend me a better way to do this in rails? Ideally they would only have to type it in once, and then it would authenticate them for all the pages automatically (by setting a cookie?) and anyone trying to access a page directly would be redirected to the authentication page.
Cheers in advance
A very simple authentication option is available to you in this situation. I would suggest you watch the Ruby on Railscast episode 270. I think it just may be what you are looking for.
If you want really simple, you can use authenticate_or_request_with_http_basic
It's not a replacement for a real authentication system, e.g. Devise or AuthLogic however.
I started to use the lockup gem for this purpose:
https://github.com/gblakeman/lockup
It is super easy to set up and almost every user accessing the site should be able to use it.
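The flow the question describes (one shared password typed once, remembered in a cookie, direct page hits redirected to the password form), as an added example that is not part of the original posts and is not the lockup gem's code. It is a Rack-style gate in plain Ruby; the class name, cookie name, `/unlock` path, 30-day lifetime and demo values are assumptions.

```ruby
require 'openssl'

# Rack-style gate (plain Ruby, no gems): one shared password, remembered in an
# HMAC-signed cookie so it is typed once. All names here are hypothetical.
class SharedPasswordGate
  COOKIE = 'gate'
  MAX_AGE = 30 * 24 * 3600 # seconds a cookie stays valid

  def initialize(app, password:, secret:)
    @app = app
    @password = password # load from configuration, not from source
    @secret = secret     # server-side signing key, never sent to the browser
  end

  # Returns a Set-Cookie value for the right password, nil otherwise.
  def unlock(attempt, now = Time.now.to_i)
    return nil unless secure_equal?(sign(attempt.to_s), sign(@password))
    expires = (now + MAX_AGE).to_s
    "#{COOKIE}=#{expires}.#{sign(expires)}; Path=/; HttpOnly; Secure; SameSite=Lax"
  end

  # Direct hits on any page without a valid cookie go to the password form.
  def call(env, now = Time.now.to_i)
    return @app.call(env) if valid_cookie?(env['HTTP_COOKIE'].to_s, now)
    [302, { 'Location' => '/unlock' }, []]
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @secret, data)
  end

  def valid_cookie?(header, now)
    pair = header.split(/;\s*/).find { |c| c.start_with?("#{COOKIE}=") }
    expires, mac = pair.to_s.delete_prefix("#{COOKIE}=").split('.', 2)
    return false unless expires && mac && secure_equal?(mac, sign(expires))
    expires.to_i > now
  end

  # Constant-time comparison, so timing does not reveal a partial match.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo values.
demo_gate = SharedPasswordGate.new(->(_env) { [200, {}, ['discussion']] },
                                   password: 'constructed-pass', secret: 'constructed-key')
p demo_gate.call({})[0], demo_gate.unlock('guess'), demo_gate.unlock('constructed-pass')
```

The password form itself has to be served outside the gate, otherwise the redirect to it loops. The `Secure` cookie attribute means the site must be served over HTTPS.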

Kerberos Authentication in Rails

Is it possible to use kerberos to authenticate a user under rails? Are there any existing plugins (preferably which extend authlogic's functionality) to do this?
I'm hoping someone else will come around and show us a pure Rails way of doing this. But until then, the easiest way to get things going is by letting your web server handle it.
On that note, I'm going to assume Apache. If this is not the case, please tell us a bit more about your set-up.
Proper Kerberos authentication in browsers is done in the HTTP protocol itself, much like Basic or Digest authentication. In Apache, this can be done with mod_kerb_auth.
Then the next step is to find out how to retrieve the username. It depends a bit on the interface you're using between the web-server and your Rails app. This could be Passenger, FastCGI, mod_proxy, etc.
Many will follow the original CGI standard to some degree, passing along a bunch of environment variables with the request. Try the following in your controller:
username = request.env['REMOTE_USER']
That's as far as I can take you. I've never used authlogic. Though, by the looks of it, it supports plugins. Perhaps you can create a new one that blindly trusts REMOTE_USER if it is set?
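One way to consume REMOTE_USER without trusting it blindly, as an added example that is not part of the answer above or of any plugin it mentions. It is a Rack-style middleware in plain Ruby; the `user@REALM` value format, the realm name, the list of look-alike headers and the `app.current_login` key are assumptions.

```ruby
# Rack-style middleware (plain Ruby, no gems) that turns the web server's
# REMOTE_USER into an application identity.
class RemoteUserAuth
  # Client-sent headers that imitate the server-set variable (assumed list).
  SPOOFABLE = %w[HTTP_REMOTE_USER HTTP_X_REMOTE_USER HTTP_X_FORWARDED_USER].freeze
  PRINCIPAL = /\A([A-Za-z0-9._-]+)@([A-Z0-9.-]+)\z/

  def initialize(app, realm:)
    @app = app
    @realm = realm # assumption: a single trusted Kerberos realm
  end

  def call(env)
    # Drop look-alike headers so nothing downstream mistakes them for REMOTE_USER.
    env = env.reject { |key, _| SPOOFABLE.include?(key) }
    user = login_from(env['REMOTE_USER'])
    return [401, { 'Content-Type' => 'text/plain' }, ["Authentication required\n"]] unless user

    env['app.current_login'] = user # hypothetical key read by the application
    @app.call(env)
  end

  private

  # Assumes the server reports the full principal "user@REALM"; accept only our realm.
  def login_from(remote_user)
    match = PRINCIPAL.match(remote_user.to_s)
    return nil unless match && match[2] == @realm

    match[1]
  end
end

# Constructed requests, written as Rack env hashes.
APP = ->(env) { [200, { 'Content-Type' => 'text/plain' }, ["hello #{env['app.current_login']}\n"]] }
GATE = RemoteUserAuth.new(APP, realm: 'EXAMPLE.COM')

def demo(env)
  status, _headers, body = GATE.call(env)
  [status, body.join]
end

p demo({ 'REMOTE_USER' => 'alice@EXAMPLE.COM' })      # set by the web server
p demo({ 'HTTP_REMOTE_USER' => 'admin@EXAMPLE.COM' }) # client-supplied header only
p demo({ 'REMOTE_USER' => 'alice@OTHER.ORG' })        # principal from another realm
```

This only holds when the application is reachable solely through the authenticating web server; a request that reaches the app server directly bypasses the Kerberos step entirely.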
If you want to switch from authlogic to Omniauth for your authentication there's a module for it:
https://github.com/jgraichen/omniauth-kerberos

What is the best way to test authlogic-open-id with cucumber and webrat?

I've been having trouble using cucumber and webrat to test authlogic-openid authentication in a rails app. Following Ryan Bates's excellent screencast I was able to install authlogic with the open-id plugin. OpenID works when I login using the browser but so far I've been unable to test the app using cucumber and webrat.
I've tried using rots as a dummy open id server. Again this works when I try it in the browser but webrat doesn't correctly follow the get/post redirects required to authenticate with the dummy open id server.
This answer on SO suggests overriding the authentication method to always return a successful login but this approach doesn't seem like integration testing the application.
What is the best way to functionally test authlogic-open-id? Should I even bother? Should I test the actions when the user is already logged in and assume OpenID will work?
Have you tried the test helper set_session_for(#user)? I would assume that the plugin is tested and there really is no need to test it again (unless you have modified it).
I asked the same question on the authlogic mailing list. I got a good answer directing me to use WWW::Mechanize with some patch code that makes webrat follow all redirects. This seems to work for doing rails integration testing using authlogic open id with a local open id server.
Here's the discussion thread.
