Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
RSpec basic authentication helper module for request and controller specs
module AuthHelper
def http_login
user = 'username'
pw = 'password'
request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,pw)
end
end
module AuthRequestHelper
#
# pass the @env along with your request, eg:
#
# GET '/labels', {}, @env
#
def http_login
@env ||= {}
user = 'username'
pw = 'password'
@env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,pw)
end
end
# then in Rspec support:
RSpec.configure do |config|
config.include AuthRequestHelper, :type => :request
config.include AuthHelper, :type => :controller
end
# request specs need to explicitly pass the @env parameter along, eg:
describe "some request" do
http_login # or put this in a before :all
GET '/path', {}, @env
end
@dhedlund

This comment has been minimized.

Copy link

commented Jan 17, 2013

Have you seen the basic_authorize method that is built into of Rack::Test?:
https://github.com/brynary/rack-test/blob/1b1e730866/lib/rack/test.rb#L142-L152

@JESii

This comment has been minimized.

Copy link

commented Mar 2, 2013

The Rack::Test authorize method didn't work for me (method not found), but this gist absolutely did the trick - thanks!

@akemrir

This comment has been minimized.

Copy link

commented Mar 20, 2013

works great, thanks

@nicohvi

This comment has been minimized.

Copy link

commented Sep 27, 2013

Wish there was a way to +1 this - helped me a lot, thanks!

@benedictfischer09

This comment has been minimized.

Copy link

commented Oct 18, 2013

If you're using the force_ssl option in your application you might consider setting the https header in these methods

request.env['HTTPS'] = 'on'
@env['HTTPS'] = 'on'
@ttcremers

This comment has been minimized.

Copy link

commented Nov 28, 2014

Great help this. thanks!

@lehresman

This comment has been minimized.

Copy link

commented Jul 29, 2015

I've modified this to create a slightly more convenient solution:
https://gist.github.com/lehresman/794f261708c82962763f

@lccezinha

This comment has been minimized.

Copy link

commented Sep 3, 2015

Great job man! Thanks!

@rafaelcgo

This comment has been minimized.

Copy link

commented Sep 22, 2015

thanks for the examples! 👍

@bronson

This comment has been minimized.

Copy link

commented Jan 14, 2016

If you're writing an integration test / request spec, just use https!:

      it 'should not allow access' do
        https!
        get '/data/properties'
        expect(response.body).to eq( {'error' => 'Unauthorized'}.to_json )
      end
@fwilkens

This comment has been minimized.

Copy link

commented Sep 12, 2018

Working with request specs with rspec-rails 3.x (3.7.2 in my case), you can pass the auth in the headers:

get '/path', headers: { 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(username, password) }
@luizcarvalho

This comment has been minimized.

Copy link

commented Apr 3, 2019

Thanks @mattconnolly, and thanks @fwilkens for update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.