Devise logout - Cucumber step fails but the application works correctly



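Ruby-2.2.0 Rails-4.2 Devise-3.4.1 Declarative_Authorization-0.5.7

I am converting a Rails-3.2 application to Rails-4. The application uses both Devise authentication and Declarative Authorization. I am using the default Devise controllers.

At this point I have most of the authentication scenarios passing. However, what I have run into is that I cannot log out through Cucumber, although I can log out in the browser. The step in question looks like this: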

 When /select end the current session/ do
  selector_type = "#"
  selector_value = link = "session_end_action_id"
  selector = selector_type + selector_value
  click_button( selector_value )
end

The routes look like this:

. . .
                  new_user_session GET    /users/sign_in(.:format)                                        devise/sessions#new
                      user_session POST   /users/sign_in(.:format)                                        devise/sessions#create
              destroy_user_session DELETE /users/sign_out(.:format)                                       devise/sessions#destroy
                     user_password POST   /users/password(.:format)                                       devise/passwords#create
                 new_user_password GET    /users/password/new(.:format)                                   devise/passwords#new
                edit_user_password GET    /users/password/edit(.:format)                                  devise/passwords#edit
                                   PATCH  /users/password(.:format)                                       devise/passwords#update
                                   PUT    /users/password(.:format)                                       devise/passwords#update
                       user_unlock POST   /users/unlock(.:format)                                         devise/unlocks#create
                   new_user_unlock GET    /users/unlock/new(.:format)                                     devise/unlocks#new
                                   GET    /users/unlock(.:format)                                         devise/unlocks#show
                           account POST   /account(.:format)                                              users#create
                       new_account GET    /account/new(.:format)                                          users#new
                      edit_account GET    /account/edit(.:format)                                         users#edit
                                   GET    /account(.:format)                                              users#show
                                   PATCH  /account(.:format)                                              users#update
                                   PUT    /account(.:format)                                              users#update
                                   DELETE /account(.:format)                                              users#destroy
                      authenticate GET    /authenticate(.:format)                                         devise/sessions#new
. . .
                    users#index
                                   POST   /users(.:format)                                                users#create
                          new_user GET    /users/new(.:format)                                            users#new
                         edit_user GET    /users/:id/edit(.:format)                                       users#edit
                              user GET    /users/:id(.:format)                                            users#show
                                   PATCH  /users/:id(.:format)                                            users#update
                                   PUT    /users/:id(.:format)                                            users#update
                                   DELETE /users/:id(.:format)                                            users#destroy
. . .

The code in the view looks like this:

  <%-if current_user-%>
  <span class="authenticated_session" id="authenticated_session">
  <%=button_to( I18n.t( :session_end ).strip.titleize, 
      :destroy_user_session, 
      :class => "button logout",
      :confirm => I18n.t( :session_end_confirm ).strip.titleize,
      :id => :session_end_action_id,
      :method => :delete, 
      :title => I18n.t( :session_end_logout ).strip.titleize )-%>
  </span>
<%-else-%>
  <%=button_to( I18n.t( :session_start ).strip.titleize, 
      :new_user_session, 
      :class => "button login",
      :id => :session_start_action_id_top, 
      :method => :get, 
      :title => I18n.t( :session_start_login ).strip.titleize )-%>
<%-end-%>

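When I am authenticated and press the logout button, I am logged out. When I run the Cucumber step, I get an authorization error from Declarative Authorization.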

  <p class='security classified' style='color: orangered'>
      you are not authorised to access the requested resource</p>    
  <br/>
  <!-- End of header section from layouts/application.html.erb -->

This is generated in the application controller:

def permission_denied
  if current_user
    flash[:security_classified] =  I18n.t( :security_classified ).strip
  else
    flash[:security_restricted] =  I18n.t( :security_restricted ).strip
  end
  redirect_back_or_default( welcome_url )
end

This is evidently being called from the users controller:

  User Load (0.5ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]
  Rendered public/hll_authorisation_notice.html (0.1ms)
  Rendered welcome/show.html.erb within layouts/application (3.6ms)
Completed 200 OK in 105ms (Views: 100.4ms | ActiveRecord: 0.6ms)
Started DELETE "/users/sign_out" for 127.0.0.1 at 2015-01-26 15:19:48 -0500
Processing by UsersController#destroy as HTML
  Parameters: {"id"=>"sign_out"}
   (0.2ms)  SELECT COUNT(*) FROM "users"
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "users"
  Role Load (0.4ms)  SELECT "roles".* FROM "roles" INNER JOIN "clearances" ON "roles"."id" = "clearances"."role_id" WHERE "clearances"."user_id" = ?  [["user_id", 21]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "users"
Redirected to http://www.example.com/welcome
Filter chain halted as :filter_access_filter rendered or redirected
Completed 302 Found in 23ms (ActiveRecord: 1.0ms)
Started GET "/welcome" for 127.0.0.1 at 2015-01-26 15:19:48 -0500
Processing by WelcomeController#show as HTML
   (0.2ms)  SELECT COUNT(*) FROM "users"
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 21]]
  Rendered public/hll_authorisation_notice.html (0.1ms)
  Rendered welcome/show.html.erb within layouts/application (1.5ms)
Completed 200 OK in 61ms (Views: 57.2ms | ActiveRecord: 0.4ms)
   (0.4ms)  rollback transaction

Inspecting the object in the permission_denied method (reformatted for this purpose) reveals the following:

    #<UsersController:0x00000006ba52d8 @_action_has_layout=true,
 @_routes=nil, @_headers={"Content-Type"=>"text/html"}, @_status=200,
 @_request=#<ActionDispatch::Request:0x00000006ba51c0
 @env={"rack.version"=>[1, 3], "rack.input"=>#<StringIO:0x00000006c378e0>,
 "rack.errors"=>#<StringIO:0x00000006c379a8>, "rack.multithread"=>false,
 "rack.multiprocess"=>true, "rack.run_once"=>false,
 "REQUEST_METHOD"=>"DELETE", "SERVER_NAME"=>"www.example.com",
 "SERVER_PORT"=>"80", "QUERY_STRING"=>"", "PATH_INFO"=>"/users/sign_out",
 "rack.url_scheme"=>"http", "HTTPS"=>"off", "SCRIPT_NAME"=>"",
 "CONTENT_LENGTH"=>"14", "rack.test"=>true, "REMOTE_ADDR"=>"127.0.0.1",
 "HTTP_REFERER"=>"http://www.example.com/",
 "HTTP_HOST"=>"www.example.com",
 "CONTENT_TYPE"=>"application/x-www-form-urlencoded",
 "HTTP_COOKIE"=>"_proforma_session=. . .

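So this is definitely an issue with the users controller. But the error is only encountered during Cucumber runs. When I serve the application with the Rails server and access it from a browser, log in, and then log out, I am logged out without any error, as shown in the log excerpt below.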

Started DELETE "/users/sign_out" for ::1 at 2015-01-26 15:45:50 -0500
Processing by Devise::SessionsController#destroy as HTML
  Parameters: {"authenticity_token"=>"Xl9Ui1a6jt8gyjZOuh0lsefUqFI1eEunaXivaEdfwWhMofYhYbRumnZlsRQjwmjWiC1C7sI7O3FwDgEf9lJzJw=="}
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["id", 1]]
   (0.2ms)  SELECT COUNT(*) FROM "users"
   (0.1ms)  begin transaction
   (0.4ms)  UPDATE "users" SET "accessed_at" = '2015-01-26 20:45:50.179843', "changed_at" = '2015-01-26 20:45:50.180748', "lock_version" = 20 WHERE ("users"."id" = 1 AND "users"."lock_version" = 19)
   (103.2ms)  commit transaction
Redirected to http://localhost:3000/

Does anyone have any idea what might be going on here? Is the token value found in the browser sign_out significant?

P.S. If I simply do this:

visit('/users/sign_out')

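then the step passes. I am making a wild guess here, but is there anything about the JavaScript used with HTML buttons in RoR that might cause what I am seeing?

I think I have discovered what is wrong; I accidentally found out what the problem was while researching a different, unrelated issue.

I believe the problem is the default test method used by Capybara: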

https://github.com/jnicklas/capybara#selecting-the-driver

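By default, Capybara uses the :rack_test driver, which is fast but limited: it does not support JavaScript, nor is it able to access HTTP resources outside of your Rack application, such as remote APIs and OAuth services. To get around these limitations, you can set up a different default driver for your features. For example, if you'd prefer to run everything in Selenium, you could do: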

Capybara.default_driver = :selenium

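However, if you are using RSpec or Cucumber, you may instead want to consider leaving the faster :rack_test as the default_driver, and marking only those tests that require a JavaScript-capable driver using :js => true or @javascript, respectively. By default, JavaScript tests are run using the :selenium driver. You can change this by setting Capybara.javascript_driver.

You can also change the driver temporarily (typically in the Before/setup and After/teardown blocks):

Capybara.current_driver = :webkit # temporarily select different driver
# ... tests ...
Capybara.use_default_driver       # switch back to default driver

Note: switching the driver creates a new session, so you may not be able to switch in the middle of a test.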
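The two logs in the question differ in which route handled DELETE /users/sign_out. As an added example (not code from the post, Devise or Rails), this minimal first-match resolver over route patterns copied from the question's listing shows how that request lands on users#destroy with id "sign_out" whenever the sign-out route does not match the DELETE verb. The `ASSUMED` table, where the sign-out route answers only GET, is a constructed scenario for illustration and not a finding about the asker's application.

```ruby
# Added example: minimal first-match route resolver (not Rails' real router).
# Route patterns are copied from the route listing in the question.
Route = Struct.new(:verb, :pattern, :target) do
  # Turn "/users/:id(.:format)" into an anchored regex with named captures.
  def regex
    src = pattern.sub('(.:format)', '')
    src = Regexp.escape(src).gsub(/:(\w+)/) { "(?<#{$1}>[^/.]+)" }
    /\A#{src}(?:\.(?<format>\w+))?\z/
  end

  # Returns a params hash on a match (possibly empty), nil otherwise.
  def match(verb, path)
    return nil unless self.verb == verb
    m = regex.match(path)
    m && m.names.zip(m.captures).reject { |_, v| v.nil? }.to_h
  end
end

# The first route that matches both verb and path wins.
def resolve(routes, verb, path)
  routes.each do |r|
    params = r.match(verb, path)
    return { target: r.target, params: params } if params
  end
  nil
end

# Routes as listed in the question, order preserved.
LISTED = [
  Route.new('DELETE', '/users/sign_out(.:format)', 'devise/sessions#destroy'),
  Route.new('GET',    '/users/:id(.:format)',      'users#show'),
  Route.new('DELETE', '/users/:id(.:format)',      'users#destroy')
].freeze

# Assumed scenario (not established by the page): the sign-out route
# answers a different verb, so DELETE falls through to /users/:id.
ASSUMED = [
  Route.new('GET', '/users/sign_out(.:format)', 'devise/sessions#destroy'),
  *LISTED.drop(1)
].freeze

if __FILE__ == $0
  { 'listed' => LISTED, 'assumed' => ASSUMED }.each do |name, table|
    puts "#{name}: #{resolve(table, 'DELETE', '/users/sign_out').inspect}"
  end
end
```

With the assumed table the request carries `{"id"=>"sign_out"}` into the users controller, matching the Cucumber log, and the only thing standing between the logout click and a destroy action is the authorization filter.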
