@mrichman
Created May 26, 2009 14:42
Testing Authlogic with Cucumber
Cucumber is an integration test harness, so your features should
specify who can authenticate via which URLs, and your steps should
exercise the controllers and filters that enforce those features.
The point is that you should go through your views and hit the
database, checking that the HTTP response body contains what
you expect to see, rather than testing Authlogic directly.

# Authentication.feature
Feature: Application users are authenticated
  In Order To: restrict application access to authorized users
  A: User
  Should: Authenticate themselves to the application
  To: Protect Revenue

  Scenario: All visitors must authenticate
    Given I do have an user named "myuser"
    And the user is not authenticated
    When the user visits the application URL
    Then they should see the user authentication page

  Scenario: User authenticates successfully
    Given I do have an user named "myuser"
    When they visit the user authentication page
    And they enter the username "myuser"
    And they enter the password "myuser-password"
    And they press the authenticate button
    Then they should see an authentication success message

  Scenario: Only authenticated users may visit application pages
    Given I do have an user named "myuser"
    And the user is not authenticated
    When they visit a valid internal URL
    Then they should see an authentication request message
    And they should see the user authentication page

The steps specific to authentication are in the
authentication_steps.rb file. Related steps are also found in the
user_steps.rb and webrat_steps.rb files. For reasons having to do with
multilingual support and decoupling the page design from integration
tests, I tend to check against CSS attributes (class=, div= and id=)
rather than page display contents. I also test generated route names
and not static URL strings, so I use root_url rather than "/".
Authorisation is handled separately from authentication. Thus what I
have looks somewhat like this:

# authentication_steps.rb

When /end the session/ do
  pending
end

When /enter (?:a|the) password "(.*)"/ do |pass|
  # webrat step
  # css id=input_user_password
  Then "I fill in \"input_user_password\" with \"#{pass}\""
end

When /enter (?:a|the) password confirmation "(.*)"/ do |pass|
  Then "I fill in \"input_user_password_confirmation\" with \"#{pass}\""
end

When /enter the username "(.*)"/ do |name|
  Then "I fill in \"input_user_username\" with \"#{name}\""
end

When /press the authenticate button/ do
  # button label - replace with css selector value
  Then "I press \"Authenticate\""
end

When /see (?:an|the) authentication required message/ do
  # response.body =~ - replace with css selector
  Then "I should see \"You must be authenticated\""
end

# A bare have_selector(...) only builds a matcher and never fails the step;
# response.should is what turns it into an assertion.
When /see (?:an|the) authentication action/ do
  response.should have_selector("#link_new_user_session")
end

When /see (?:an|the) authentication notice message/ do
  response.should have_selector("#authentication_notice")
end

When /see (?:an|the) authentication request message/ do
  response.should have_selector("#authentication_request")
end

When /see (?:an|the) authentication success message/ do
  # example of rspec syntax - requires rspec, rspec-rails and webrat
  response.should have_selector("#authenticated_session_header")
end

When /terminates current session/ do
  # webrat step - replace label with css selector value
  Then "I follow \"End Current Session\""
end

# Unanchored: this also matches "Then they should see the user
# authentication page", so that step revisits the page instead of asserting.
When /user authentication page/ do
  visit new_user_session_url
end

When /user named "(.*)" authenticates/ do |name|
  visit new_user_session_url
  Then "see an authentication request message"
  Then "enter the username \"#{name}\""
  Then "enter the password \"#{name}-password\""
  Then "press the authenticate button"
  Then "see an authentication success message"
end

When /user named "(.*)" is authenticated/ do |name|
  Then "user named \"#{name}\" authenticates"
end

When /(?:user|visitor) is not authenticated/ do
  visit root_url
  # Only end the session if the page shows an authenticated session header
  if response.body.match('authenticated_session_header')
    Then "terminates current session"
  end
end
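
Because the step patterns above are unanchored, a "Then" line in the feature can bind to a step whose body only drives the browser, and the access-control scenario then passes without checking anything. The lint below is an added example, not part of the original gist: it matches feature lines against the gist's patterns and flags such steps. The :action/:assert tags, the trimmed feature text and the pattern for "visit a valid internal URL" (a step the gist does not show) are assumptions made for the example.

```ruby
# Step patterns copied from authentication_steps.rb, tagged by what the body
# does: :action drives the browser, :assert checks the response (tags assumed).
STEP_DEFS = [
  [/enter the username "(.*)"/,                     :action],
  [/enter (?:a|the) password "(.*)"/,               :action],
  [/press the authenticate button/,                 :action],
  [/see (?:an|the) authentication request message/, :assert],
  [/see (?:an|the) authentication success message/, :assert],
  [/user authentication page/,                      :action], # body: visit new_user_session_url
  [/(?:user|visitor) is not authenticated/,         :action],
  [/visit a valid internal URL/,                    :action], # assumed: defined outside the gist
].freeze

# Constructed sample: two scenarios trimmed from Authentication.feature.
FEATURE = <<~GHERKIN
  Scenario: User authenticates successfully
    When they visit the user authentication page
    And they enter the username "myuser"
    And they enter the password "myuser-password"
    And they press the authenticate button
    Then they should see an authentication success message
  Scenario: Only authenticated users may visit application pages
    Given the user is not authenticated
    When they visit a valid internal URL
    Then they should see an authentication request message
    And they should see the user authentication page
GHERKIN

# Returns [[step_text, problem], ...] for steps that match no definition,
# match more than one, or are Then-steps bound to a non-asserting body.
def lint_steps(feature, defs)
  keyword = nil
  feature.each_line.map(&:strip).filter_map do |line|
    word, text = line.split(" ", 2)
    next unless %w[Given When Then And But].include?(word)
    keyword = word unless %w[And But].include?(word) # And/But inherit the keyword
    hits = defs.select { |pattern, _| pattern.match?(text) }
    if hits.empty? then [text, :undefined]
    elsif hits.size > 1 then [text, :ambiguous]
    elsif keyword == "Then" && hits[0][1] != :assert then [text, :then_without_assertion]
    end
  end
end

lint_steps(FEATURE, STEP_DEFS).each { |text, problem| puts "#{problem}: #{text}" }
```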