Pt-I-5
I added a test to the integration tests, not sure if that’s exactly what they were looking for here.
In carts.yml:
one:
  id: 12345
two: {}
# column: value
In user_stories_test.rb:
test "should fail on access of sensitive data" do
  # login user
  user = users(:one)
  get "/login"
  assert_response :success
  post_via_redirect "/login", name: user.name, password: 'secret'
  assert_response :success
  assert_equal '/admin', path

  # look at a protected resource
  get "/carts/12345"
  assert_response :success
  assert_equal '/carts/12345', path

  # logout user
  delete "/logout"
  assert_response :redirect
  assert_template "/"

  # try to look at protected resource again, should be redirected to login page
  get "/carts/12345"
  assert_response :redirect
  follow_redirect!
  assert_equal '/login', path
end
I ended up with a very simple integration test in user_stories_test.rb:
test "should logout and not be allowed back in" do
  delete "/logout"
  assert_redirected_to store_url

  get "/users"
  assert_redirected_to login_url
end

