Securing the Login for a Rails Ecommerce Application


In the first part of this four-part series we started to learn about security for an ecommerce application in Ruby-on-Rails. In this second part we're going to test some of what we did in the first part, and implement some important login features. This article is excerpted from chapter eight of the book Practical Rails Projects, written by Eldon Alameda (Apress; ISBN: 1590597818).

Author Info:
By: Apress Publishing
June 17, 2010
TABLE OF CONTENTS:
  1. Securing the Login for a Rails Ecommerce Application
  2. Implementing the Fail Log In User Story
  3. Adding the Flash Message
  4. Adding Login Links and Styling

Securing the Login for a Rails Ecommerce Application - Implementing the Fail Log In User Story
(Page 2 of 4)

To make sure that logging in with incorrect credentials doesn’t work, we can use the same basic code we already have in place in test/integration/authentication_test.rb, with only some slight additions to the DSL:

require "#{File.dirname(__FILE__)}/../test_helper"

class AuthenticationTest < ActionController::IntegrationTest
  def setup
    # One known account; Harry's attempt below uses credentials that match no user.
    User.create(:login => "george",
                :email => "george@emporium.com",
                :password => "cheetah",
                :password_confirmation => "cheetah")
  end

  def test_successful_login
    george = enter_site(:george)
    george.tries_to_go_to_admin
    george.logs_in_successfully("george", "cheetah")
  end

  def test_failing_login
    harry = enter_site(:harry)
    harry.tries_to_go_to_admin
    harry.attempts_login_and_fails("scott", "tiger")
  end

  private

  module BrowsingTestDSL
    include ERB::Util
    attr_writer :name

    def tries_to_go_to_admin
      get "/admin/book/new"
      assert_response :redirect
      assert_redirected_to "/account/login"
    end

    def logs_in_successfully(login, password)
      post_login(login, password)
      assert_response :redirect
      assert_redirected_to "/admin/book/new"
    end

    # A failed attempt must not redirect: the login form is rendered again
    # and a notice is left in the flash.
    def attempts_login_and_fails(login, password)
      post_login(login, password)
      assert_response :success
      assert_template "account/login"
      assert_equal "Incorrect login!", flash[:notice]
    end

    private

    def post_login(login, password)
      post "/account/login", :login => login, :password => password
    end
  end

  def enter_site(name)
    open_session do |session|
      session.extend(BrowsingTestDSL)
      session.name = name
      yield session if block_given?
    end
  end
end

As you can see, Harry's case is similar to George's, but he tries to log in with an account that doesn't exist. In attempts_login_and_fails, we check that he is not redirected and is served the login form again. You can run the test and see that it almost works:

$ ruby test/integration/authentication_test.rb

--------------------------------------------
Loaded suite test/integration/authentication_test
Started
F.
Finished in 0.36565 seconds.

  1) Failure:
test_failing_login(AuthenticationTest)
    [test/integration/authentication_test.rb:45:in 'attempts_login_and_fails'
     test/integration/authentication_test.rb:20:in 'test_failing_login'
     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/integration.rb:427:in 'run']:
<"Incorrect login!"> expected but was
<nil>.

2 tests, 12 assertions, 1 failures, 0 errors
--------------------------------------------

The failure means that the flash message is not being set the way we expect. Setting it is something the authentication plugin leaves to the developer.
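To show the behaviour the failing test expects, here is an added example (not code from the book or its login plugin): a plain-Ruby stand-in for the login action. The in-memory user store, the salted SHA-256 digest and the LoginResult struct are assumptions, but the outcomes mirror the assertions above, including one "Incorrect login!" notice whether the account is unknown or the password is wrong.

```ruby
require "digest"
require "securerandom"

# Constructed in-memory user store standing in for User.create in setup:
# login => [salt, sha256(salt + password)]. Not the plugin's real schema.
def make_user(password)
  salt = SecureRandom.hex(16)
  [salt, Digest::SHA256.hexdigest(salt + password)]
end

USERS = { "george" => make_user("cheetah") }

# Compare digests without leaking, through timing, how many leading bytes match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authenticate?(login, password)
  salt, digest = USERS[login]
  return false if salt.nil?
  secure_equal?(Digest::SHA256.hexdigest(salt + password), digest)
end

# What the login action decides: a redirect on success, or the login
# template plus a flash notice on failure (the two outcomes the tests assert).
LoginResult = Struct.new(:status, :redirect_to, :template, :flash_notice)

def login_action(login, password, return_to = "/admin/book/new")
  if authenticate?(login, password)
    LoginResult.new(:redirect, return_to, nil, nil)
  else
    # One message for both an unknown login and a wrong password, so the
    # response does not reveal which logins exist.
    LoginResult.new(:success, nil, "account/login", "Incorrect login!")
  end
end

# Harry's attempt from test_failing_login: rendered form, no redirect.
puts login_action("scott", "tiger").to_h.inspect
```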
