


I added a test to the integration tests, not sure if that’s exactly what they were looking for here.

In carts.yml:

one:
  id: 12345
two: {}
#  column: value

In user_stories_test.rb:

  test "should fail on access of sensitive data" do
    # login user
    user = users(:one)
    get "/login" 
    assert_response :success
    post_via_redirect "/login", name: user.name, password: 'secret'
    assert_response :success
    assert_equal '/admin', path

    # look at a protected resource
    get "/carts/12345" 
    assert_response :success  
    assert_equal '/carts/12345', path

    # logout user
    delete "/logout" 
    assert_response :redirect
    assert_template "/"      

    # try to look at protected resource again, should be redirected to login page
    get "/carts/12345"
    assert_response :redirect
    assert_equal '/login', path
  end

An even simpler integration test:

   test "should logout and not be allowed back in" do
      delete "/logout" 
      assert_redirected_to store_url

      get "/users"
      assert_redirected_to login_url
   end

Page History
  • V3: Don Najd [over 3 years ago]
  • V2: Don Najd [over 3 years ago]
  • V1: Nick [almost 4 years ago]