I'm trying to make a simple login example test in capybara where you use the user email and password to login, and it redirects to root_url with a notice "logged in"
For some reason capybara reports that I am at login_path "/login" after I use click_on log in, but when I run it rails s I am at root_path "/" with my notice.
What have I missed in either capybara or my test app?
All relevant code should be below.
controllers/sessions_controller.rb
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
redirect_to root_url, notice: "logged in"
else
redirect_to login_path, notice: "Email or password incorrect"
end
end
view/sessions/new.html.erb
<h1>Sessions Log In</h1>
<%= form_tag sessions_path do %>
<div class="field">
<%= label_tag :email %><br />
<%= text_field_tag :email, params[:email] %>
</div>
<div class="field">
<%= label_tag :password %><br />
<%= password_field_tag :password %>
</div>
<div class="actions"><%= submit_tag "log in" %> </div>
<% end %>
login_spec.rb
it "should let you login with correct password" do
user = Factory.build(:user)
visit login_path
fill_in "Email", :with => user.email
fill_in "Password", :with => user.password
click_on "log in"
current_path.should == root_path
page.should have_content("logged in")
end
routes.rb
...
get 'login', to: 'sessions#new', as: 'login'
...
Factories.rb
Factory.define :user do |f|
f.sequence(:email) {|n| "a#{}#a.a"}
f.password "a"
end
Can you verify that you are actually logged in?
Try placing page.should have_content("logged in") before asserting current_path.
And why are you only building a user instead of creating/saving it. I hope you realise Factory.build(:user) functions different than Factory(:user) and it doesn't actually save the user.
Related
I 'm using authlogic for authentication and using this tutorial. I did refer to rubyDocs also. If I understand it correctly that attr_protected method ensures list of attributes will not be accessible for mass-assignment. And I have my model attributes as protected. I also tried changing the whitelist flag in config/application.rb to false..which didnt make any difference.
I think the problem might be because of no attribute called password & password_confirmation in user model. This is what the tutorial says
We changed the field name from :crypted_password to :password.
Authlogic will map the :password field to :crypted_password after
hashing it. We also changed the field type from f.text_field to
f.password_field, this will create your standard password input field
instead of a plain text input field. We have also added a
:password_confirmation field. All of the logic to support these fields
is built into authlogic.
Is this still true? Any suggestions on how to fix this issue?
Rails: 3.2.12
Ruby: 1..9.3
ActiveModel::MassAssignmentSecurity::Error in UsersController#create
Can't mass-assign protected attributes: password, password_confirmation
{"utf8"=>"✓",
"authenticity_token"=>"WUw09PvSlIxLUBFFsi1hiK6v0Y3nn7wqkjH3seCkU34=",
"user"=>{"username"=>"test",
"email"=>"test",
"password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]"},
"commit"=>"Create User"}
Following is my model & controller
MODEL
class User < ActiveRecord::Base
attr_accessible :crypted_password, :email, :password_salt, :persistence_token, :username
end
CONTROLLER
def create
#user = User.new(params[:user])
respond_to do |format|
if #user.save
format.html { redirect_to #user, notice: 'User was successfully created.' }
format.json { render json: #user, status: :created, location: #user }
else
format.html { render action: "new" }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
FORM.html
div class="field">
<%= f.label :username %><br />
<%= f.text_field :username %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.text_field :email %>
</div>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :password %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %>
</div>
Thanks
It seems that, as you said, your attributes are protected so they cannot be mass assigned. Make them accessible by adding to the attr_accessible list
class User < ActiveRecord::Base
attr_accessible :crypted_password, :email, :password_salt, :persistence_token, :username, :password, :password_confirmation
end
NOTE: You might also want to remove sensitive data from that list like :crypted_password or :password_salt
class User < ActiveRecord::Base
attr_accessible :email, :persistence_token, :username, :password, :password_confirmation
end
I am new to Ruby on Rails and have been helped immensely by Michael Hartl's excellent book: Ruby on Rails Tutorial. I have gotten to Chapter 8 and am now on the exercises in that chapter. I am having ( I assume a typical "newbie") problem with exercise 1. In this exercise it is asked "1.Refactor the signin form to use form_tag in place of form_for." I have tried to searching for assistance with this in Stackoverflow, Google, Railscast, and many other "web searches" for two days now and I do not seem to find the assistance that I need to answer this problem. The file I am trying to modify with form_tag is below:
<% provide(:title, "Sign in") %>
<h1>Sign in</h1>
<div class="row">
<div class="span6 offset3">
<%= form_for(:session, url: sessions_path) do |f| %>
<%= f.label :email %>
<%= f.text_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.submit "Sign in", class: "btn btn-large btn-primary" %>
<% end %>
<p>New user? <%= link_to "Sign up now!", signup_path %></p>
</div>
</div>
I am using Rails 3.2.3 in this application. Can anybody point me in the correct direction? Can anyone help me with this problem? I would be most appreciative.
This is the implementation that uses form_tag:
<% provide(:title, "Sign in") %>
<h1>Sign in</h1>
<div class="row">
<div class="span6 offset3">
<%= form_tag( url: sessions_path ) do %>
<%= label_tag :email %>
<%= text_field_tag :email %>
<%= label_tag :password %>
<%= password_field_tag :password %>
<%= submit_tag "Sign in", class: "btn btn-large btn-primary" %>
<% end %>
<p>New user? <%= link_to "Sign up now!", signup_path %></p>
</div>
</div>
I am using Rspec 2.9.0 and below are the failing tests:
describe "signin page" do
before { visit signin_path }
it { should have_selector('h1', text: 'Sign in') }
it { should have_selector('title', text: 'Sign in') }
end
and
describe "with invalid information" do
before { click_button "Sign in" }
it { should have_selector('title', text: 'Sign in') }
it { should have_selector('div.alert.alert-error', text: 'Invalid') }
describe "after visiting another page" do
before { click_link "Home" }
it { should_not have_selector('div.alert.alert-error') }
end
end
and
describe "with valid information" do
let(:user) { FactoryGirl.create(:user) }
before do
fill_in "Email", with: user.email
fill_in "Password", with: user.password
click_button "Sign in"
end
it { should have_selector('title', text: user.name) }
it { should have_link('Profile', href: user_path(user)) }
it { should have_link('Sign out', href: signout_path) }
it { should_not have_link('Sign in', href: signin_path) }
describe "followed by signout" do
before { click_link "Sign out" }
it { should have_link('Sign in') }
end
end
Here's my routes file:
SampleApp::Application.routes.draw do
resources :users
resources :sessions, only: [:new, :create, :destroy]
get "users/new"
root to: 'static_pages#home'
match '/signup', to: 'users#new'
match '/signin', to: 'sessions#new'
match '/signout', to: 'sessions#destroy', via: :delete
match '/help', to: 'static_pages#help'
match '/about', to: 'static_pages#about'
match '/contact', to: 'static_pages#contact'
end
I have just completed this exercise as well, so I am by no means an expert; however, this is the code that has worked for me and passed all the tests:
../app/views/sessions/new.html.erb
<% provide(:title, "Sign in") %>
<h1>Sign in</h1>
<div class="row">
<div class="span 6 offset 3">
<%= form_tag sessions_path do %>
<%= label_tag :email %>
<%= text_field_tag :email, params[:email] %>
<%= label_tag :password %>
<%= password_field_tag :password %>
<%= submit_tag "Sign in", class: "btn btn-large btn-primary" %>
<% end %>
<p>New User?<%= link_to "Sign Up Now", signup_path %> </p>
</div>
</div>
I also needed to change the ../app/controllers/sessions_contoller
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
session[:user] = user.id
sign_in user
redirect_to user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
sign_out
redirect_to root_path
end
end
Whilst this works, I'm not entirely sure why it does; if someone could explain why the changes in the controller are required it would be much appreciated. I know that this could be posed a s a separate question but it is closely related to OP and I'm sure we would both find it extremely useful in understanding not just how to get this to work but why it works this way. The following are the original view and controller files:
Original 'form_for' new.html.erb:
<% provide(:title, "Sign in") %>
<h1>Sign in</h1>
<div class="row">
<div class="span6 offset3">
<%= form_for(:session, url: sessions_path) do |f| %>
<%= f.label :email %>
<%= f.text_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.submit "Sign in", class: "btn btn-large btn-primary" %>
<% end %>
<p>New user? <%= link_to "Sign up now!", signup_path %></p>
</div>
</div>
and the original sessions_controller:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:session][:email])
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_to user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
sign_out
redirect_to root_path
end
end
I am working on the same step of the tutorial, and your question helped me finding my way.
The use of label and text_field, instead of label_tag and text_field_tag is working fine, and you don't have to change the controller code (this produce the same HTML code as with the original form_for method).
<%= form_tag(sessions_path) do %>
<%= label :session, :email %>
<%= text_field :session, :email %>
<%= label :session, :password %>
<%= password_field :session, :password %>
<%= submit_tag("Sign in", class: "btn btn-large btn-primary") %>
<% end %>
You can read details in http://guides.rubyonrails.org/form_helpers.html#dealing-with-model-objects
The RoR guides go over how form_tag works.
http://guides.rubyonrails.org/form_helpers.html
I got caught not naming the the fields right. When you view source of the original, it shows you the naming scheme.
<%= form_tag(sessions_path) do %>
<%= label_tag 'session_email', 'Email' %>
<%= text_field_tag 'session[email]' %>
<%= label_tag 'session_password', 'Password' %>
<%= password_field_tag 'session[password]' %>
<%= submit_tag "Sign in", class: "btn btn-large btn-primary" %>
<% end -%>
You have a Session_Helper that you aren't using in your implementation.
EDIT your helper methods.
def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
session[:user_id] = user.id
end
def sign_out
cookies.delete(:remember_token)
session[:user_id] = nil
end
Then you can simply use the appropriate methods in your session controller. This is a neater implementation that follows the modular approach to design. There also seems to be issues with rspec.
describe "with valid information" do
let(:user) { FactoryGirl.create(:user) }
before do
fill_in "Email", with: user.email.upcase
fill_in "Password", with: user.password
click_button "Sign in"
end
it { should have_selector('title', text: user.name) }
it { should have_link('Profile', href: user_path(user)) }
it { should have_link('Sign out', href: signout_path) }
it { should_not have_link('Sign in', href: signin_path) }
Even though everything is correct when you visit the page these tests are flagged. My guess is that you need to change before do because if it was doing what you want it to do the tests would pass.
Anyways, I'm curious to what the problem is with rspec if anyone has an idea!
I think that problem is with user.email.upcase. You don't need .upcase, when you remove it tests will pass.
I have a form as follows:
<%= form_for(:session, :url => sessions_path, :remote => true, :html => {:id => 'login_form'}) do |f| %>
<div class="formRow">
<%= f.label :email %><br>
<%= f.text_field :email, :value => (#email if #email) %>
</div>
<div class="formRow">
<%= f.label :password %><br>
<%= f.password_field :password %>
</div>
<div class="formRow small">
<%= link_to "I forgot my password",'#' %>
</div>
<div class="formRow">
<%= f.submit signin_button_text, :class => "button-big left" %>
</div>
<% end %>
It goes to this controller:
def create
#email = params[:session][:email]
user = User.authenticate(params[:session][:email],params[:session][:password])
respond_to do |format|
if user.nil?
#title = "Sign in"
flash.now[:error] = "Invalid email/password combination"
format.js {render :action => :new }
else
sign_in user
format.js {render :action => :create }
end
end
end
Here is the new.js file:
$('#login_form').replaceWith("<%=escape_javascript(render 'login_form')%>");
if($('.flash-block').length ==0) {
$('#login_form').before("<div class='flash-block error'><span><%=escape_javascript(flash[:error])%></span></div>");
}
For some reason if the form is submitted with errors it loops four times.
I don't understand why.
Is there something in the code that causes this to loop?
I am assuming that you are using jquery. This is usually happened when there is an incomplete call or there is some sort of error and you haven't refresh the page. Try something like this:
<script type="text/javascript">
$('#login_form').submit(function() {
$(this).unbind('submit').submit();
});
</script>
I was using Fancybox and was not opening it in an iframe. So I wound up loading the jquery libraries twice and thus when I submitted the form I had multiple submissions.
Once I opened Fancybox in an iframe it submitted only once.
I can open the view after running rails server and I see the newly created text field for billing_name as seen below and it works just fine.
views/registrations/new.html.erb
<h2>My New Signup</h2>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<p><%= f.label :email %><br />
<%= f.email_field :email %></p>
<p><%= f.label :password %><br />
<%= f.password_field :password %></p>
<p><%= f.label :password_confirmation, 'Password Confirmation' %><br />
<%= f.password_field :password_confirmation %></p>
<p><%= f.label :billing_name, 'Billing Name' %><br />
<%= f.text_field :billing_name %></p>
<p><%= f.submit "Sign up" %></p>
<% end %>
When I run my specs, however, it appears to be looking at the default devise view and cannot find that newly created billing_name field. If I save_and_open_page before trying to access that field in my spec it shows the default devise registration page, even though when I run rails server -e test, it displays my new customized view.
Here is the spec:
specs/requests/registration_spec.rb
require 'spec_helper'
describe "Registraion" do
describe "GET /signup" do
it "allows signup with proper credentials" do
visit signup_path
fill_in "user_email", :with => "sample#email.com"
fill_in "user_password", :with => "password"
fill_in "user_password_confirmation", :with => "password"
save_and_open_page
fill_in "user_billing_name", :with => "First Last"
end
end
end
And my spec helper is just the basic one that is auto-generated:
specs/spec_helper.rb
ENV["RAILS_ENV"] ||= 'test'
require File.expand_path("../../config/environment", __FILE__)
require 'rspec/rails'
Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
RSpec.configure do |config|
config.mock_with :rspec
config.fixture_path = "#{::Rails.root}/spec/fixtures"
config.use_transactional_fixtures = true
end
When you override the Devise controllers, be sure to also override the devise_for routes.
For example (in routes.rb):
devise_for :users, :controllers => { :registrations => 'registrations' }
The Devise wiki also has an example.
Whats wrong in my authentication i also dont know..can someone tell me what wrong?
i got user scaffold, and this is my admin controller
class AdminController < ApplicationController
def login
if request.post?
user = User.authenticate(params[:name], params[:password])
if user
session[:user_id] = user.id
redirect_to(:action => "index")
else
flash.now[:notice] = "Invalid user/password combination"
end
end
end
def logout
session[:user_id] = nil
flash[:notice] = "Logged out"
redirect_to(:action => "login")
end
def index
end
end
and this is my admin/login.html.erb
<div>
<%= form_tag do %>
<fieldset>
<legend>Please Log In</legend>
<div>
<label for="name">Name:</label>
<%= text_field_tag :name, params[:name] %>
</div>
<div>
<label for="password">Password:</label>
<%= password_field_tag :password, params[:password] %>
</div>
<div>
<%= submit_tag "Login" %>
</div>
</fieldset>
<% end %>
</div>
but when i try to log in using existence user it come like this
No route matches "/admin/login"
whats wrong with my code??am i missing something?
You should do that
Hawary::Application.routes.draw do
post 'admin/login' => 'admin#login'
end