CODEWITHSUNDEEP
authenticationruby-on-rails-4
Nate Bird
Nate Bird

Reputation: 5335

Testing HTTP Digest Authentication in Rails 4

In Rails 3 we used this nice little hack (at least it was contained and easily reused) - Writing a Test/Method for HTTP Digest Authentication

However, this method (process_with_new_base_test ) is completely gone in Rails 4 (master). Does anyone know the proper way of testing digest authentication in Rails 4?

Rails 4.0.b1 ActionController::Testing

Rails 3.2.x ActionController::Testing

Upvotes: 2

Views: 956

Answers (2)

Marcin Urbanski
Marcin Urbanski

Reputation: 2493

Here's a bit easier to use version: https://gist.github.com/murbanski/6b971a3edc91b562acaf

Upvotes: 1

Ian Lloyd
Ian Lloyd

Reputation: 28

I had the same issue. I read through the Rails 4 test cases and built the below solution. Its not perfect by any stretch of the imagination but it works in my test environment. It is a drop-in solution for the original authenticate_with_http_digest helper method.

Gist here: https://gist.github.com/illoyd/9429839

And for posterity:

# This should go into spec/support/auth_spec_helpers.rb (if you are using RSpec)
module AuthSpecHelpers

  ##
  # Convenience method for setting the Digest Authentication details.
  # To use, pass the username and password.
  # The method and target are used for the initial request to get the digest auth headers. These will be translated into 'get :index' for example.
  # The final 'header' parameter sets the request's authentication headers.
  def authenticate_with_http_digest(user, password, method = :get, target = :index, header = 'HTTP_AUTHORIZATION')
    @request.env[header] = encode_credentials(username: user, password: password, method: method, target: target)
  end

  ##
  # Shamelessly stolen from the Rails 4 test framework.
  # See https://github.com/rails/rails/blob/a3b1105ada3da64acfa3843b164b14b734456a50/actionpack/test/controller/http_digest_authentication_test.rb
  def encode_credentials(options)
    options.reverse_merge!(:nc => "00000001", :cnonce => "0a4f113b", :password_is_ha1 => false)
    password = options.delete(:password)

    # Perform unauthenticated request to retrieve digest parameters to use on subsequent request
    method = options.delete(:method) || 'GET'
    target = options.delete(:target) || :index

    case method.to_s.upcase
    when 'GET'
      get target
    when 'POST'
      post target
    end

    assert_response :unauthorized

    credentials = decode_credentials(@response.headers['WWW-Authenticate'])
    credentials.merge!(options)
    path_info = @request.env['PATH_INFO'].to_s
    uri = options[:uri] || path_info
    credentials.merge!(:uri => uri)
    @request.env["ORIGINAL_FULLPATH"] = path_info
    ActionController::HttpAuthentication::Digest.encode_credentials(method, credentials, password, options[:password_is_ha1])
  end

  ##
  # Also shamelessly stolen from the Rails 4 test framework.
  # See https://github.com/rails/rails/blob/a3b1105ada3da64acfa3843b164b14b734456a50/actionpack/test/controller/http_digest_authentication_test.rb
  def decode_credentials(header)
    ActionController::HttpAuthentication::Digest.decode_credentials(header)
  end

end

# Don't forget to add to rspec's config (spec/spec_helper.rb)
RSpec.configure do |config|
  # Include auth digest helper
  config.include AuthSpecHelpers, :type => :controller
end

Happy testing.

Upvotes: 1

Related Questions