functional testing with form_authenticity_token

159 views
Skip to first unread message

Greg

unread,
Feb 28, 2008, 5:21:36 PM2/28/08
to Ruby on Rails: Talk
hello,

I am building a page that has many ajax calls on the page, so when I
moved to rails 2.0, I, of course, noticed that my ajax calls stopped
working. After some research, I came up with the following solution.

I create a <div id="authenticity_token"><%= form_authenticity_token
%></div> at the bottom of my document, so that I could easily grab the
value with javascript and include it in my ajax calls This worked
great, btw.

The problem comes when I am trying to write functional tests for the
these pages. For example, the following code:

def test_view_not_logged_in
get :view, :id => users(:quentin).id
assert_response :success
end



Creates the following error:

ActionView::TemplateError: No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).
On line #39 of account/_signup_form.rhtml

36: </div>
37: <a href="javascript:showNewImage()">Try a different image </
a>
38: <% end -%>
39: <div id="form_authenticity_token" class="hidden"><%=
form_authenticity_token %></div>



I am using the Cookie Session Store in my development and production
environements. Is there any difference in the test environment? I
could add the :secret when I do testing, but that is pretty
cumbersome.

thanks in advance for any help!

Greg

Greg

unread,
Feb 28, 2008, 5:36:42 PM2/28/08
to Ruby on Rails: Talk
Following up on my own post....

I guess that I need to make sure that forgery is turned on:

<% if protect_against_forgery? %>
<div id="authenticity_token"><%= form_authenticity_token %></div>
<% end %>

The test environment turns it off.

Tiago Macedo

unread,
May 23, 2008, 1:10:08 PM5/23/08
to rubyonra...@googlegroups.com
Hi,

Unfortunately I also came into this bug so I created a patch and
submitted it to lighthouse:
http://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/242-patch-fixing-form_authenticity_token-in-the-test-environment

It doesn't merge correctly into 2.0.1, only edge.

Tiago Macedo

Reply all
Reply to author
Forward
0 new messages