
Security for a Rails Ecommerce Application

We've been building an ecommerce application for an online bookstore. Now we've reached one of the most important stages in the application's design: building in the security to prevent malicious hackers from wreaking havoc. This four-part series shows you how to protect your application. This article is excerpted from chapter eight of the book Practical Rails Projects, written by Eldon Alameda (Apress; ISBN: 1590597818).

Author Info:
By: Apress Publishing
June 14, 2010
  1. · Security for a Rails Ecommerce Application
  2. · Using the Authentication Plugin
  3. · Implementing the Log In User Story
  4. · Adding the Filter


Security for a Rails Ecommerce Application - Implementing the Log In User Story
(Page 3 of 4)

We start the grunt work by creating a new integration test case for the login functionality.

$ script/generate integration_test authentication

      exists  test/integration/
  create test/integration/authentication_test.rb

First, we want to test that when George tries to go to the admin section of the site, he gets redirected to the login page. Open test/integration/authentication_test.rb and create the DSL for our integration test, as shown in Listing 8-2.

Listing 8-2. First Version of the Authentication Integration Test

require "#{File.dirname(__FILE__)}/../test_helper"

class AuthenticationTest < ActionController::IntegrationTest
  def test_successful_login
    george = enter_site(:george)
    george.tries_to_go_to_admin   # first step of the story
  end

  private

  module BrowsingTestDSL   # story steps mixed into each session by enter_site
    include ERB::Util
    attr_writer :name

    def tries_to_go_to_admin
      get "/admin/book/new"
      assert_response :redirect
      assert_redirected_to "/account/login"
    end
  end

  def enter_site(name)
    open_session do |session|
      session.extend(BrowsingTestDSL)   # give this session the DSL methods
      session.name = name
      yield session if block_given?
    end
  end
end

Here, the most interesting part is the tries_to_go_to_admin method. This is where we test that the first part of the story goes as planned: George is redirected to the login page when he tries to access an admin page while not logged in. If you run the test, you get the following failure:

$ ruby test/integration/authentication_test.rb

Loaded suite test/integration/authentication_test
Finished in 1.44942 seconds.

  1) Failure:
    [test/integration/authentication_test.rb:17:in 'tries_to_go_to_admin'
     test/integration/authentication_test.rb:6:in 'test_successful_login'
     1.12.1/lib/action_controller/integration.rb:427:in 'run']:
Expected response to be a <:redirect>, but was <200>

1 tests, 1 assertions, 1 failures, 0 errors

It seems the redirection is not working, which should come as no surprise: nothing in the application guards the admin section yet. Now it's time to put the authentication plugin to work.
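To show what the test above is really asserting, here is an added example, written for this page and not taken from the book or from the Rails authentication plugin. It models the integration-test DSL in plain Ruby with no Rails installed: a hypothetical FakeApp stands in for the bookstore (its protect_admin flag models the application before and after the admin section is guarded), a hypothetical FakeSession stands in for the Rails integration session, and assert_response and assert_redirected_to are local re-implementations of the two Rails assertions the story uses. The names FakeApp, FakeSession, run_story, run_logged_in_story and LOGIN_PATH are all assumptions made for the example.

```ruby
require "erb"

# Hypothetical stand-in for the application under test. The rule that the
# book gets from the authentication plugin is written out here: anything
# under /admin/ redirects to the login page unless the session is logged in.
# Pass false to model the application before any such guard exists.
class FakeApp
  LOGIN_PATH = "/account/login"

  def initialize(protect_admin = true)
    @protect_admin = protect_admin
    @logged_in = false
  end

  def log_in!
    @logged_in = true
  end

  # Returns [status, headers], the way a Rack application would.
  def call(path)
    if @protect_admin && path.start_with?("/admin/") && !@logged_in
      [302, { "Location" => LOGIN_PATH }]
    else
      [200, {}]
    end
  end
end

# Stand-in for the Rails integration session: issues requests to the app
# and remembers the last response.
class FakeSession
  attr_reader :status, :headers

  def initialize(app)
    @app = app
  end

  def get(path)
    @status, @headers = @app.call(path)
  end

  def log_in!
    @app.log_in!
  end
end

class AssertionFailed < StandardError; end

# Same shape as the DSL in Listing 8-2, plus local versions of the two
# Rails assertions it relies on.
module BrowsingTestDSL
  include ERB::Util
  attr_writer :name

  def tries_to_go_to_admin
    get "/admin/book/new"
    assert_response :redirect
    assert_redirected_to "/account/login"
    true
  end

  def logs_in_and_reaches_admin
    log_in!
    get "/admin/book/new"
    assert_response :success
    true
  end

  def assert_response(kind)
    ok = case kind
         when :redirect then (300..399).include?(status)
         when :success  then status == 200
         end
    raise AssertionFailed,
          "Expected response to be a <:#{kind}>, but was <#{status}>" unless ok
  end

  def assert_redirected_to(path)
    actual = headers["Location"]
    raise AssertionFailed,
          "Expected redirect to <#{path}>, but was <#{actual.inspect}>" unless actual == path
  end
end

def open_session(app)
  session = FakeSession.new(app)
  yield session if block_given?
  session
end

def enter_site(app, name)
  open_session(app) do |session|
    session.extend(BrowsingTestDSL)   # story steps live on this session only
    session.name = name
  end
end

# Runs the first step of the login story: :pass, or the assertion message.
def run_story(app)
  george = enter_site(app, :george)
  george.tries_to_go_to_admin
  :pass
rescue AssertionFailed => e
  e.message
end

# The complementary check: a logged-in session must still get through.
def run_logged_in_story(app)
  george = enter_site(app, :george)
  george.logs_in_and_reaches_admin
  :pass
rescue AssertionFailed => e
  e.message
end
```

Running run_story against FakeApp.new(false) reproduces the failure text shown above (a 200 where a redirect was expected), while FakeApp.new passes both stories. The extend-per-session pattern is worth keeping in real tests too: each open_session gets its own copy of the story methods and its own cookie jar, so one test can drive an anonymous visitor and a logged-in admin side by side without their state leaking into each other.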
