mrichman · May 26, 2009 14:42
diff --git a/gistfile1.txt b/gistfile1.txt
 Cucumber is a Integration test harness, so your features should be
 specifying who can authenticate via what URLs and your steps should be
 exercising the controllers an filters that enforce those features.
 The point being, you should be going through your views and hitting
 the database, checking to see if the http response body contains what
 you expect to see and not worrying about directly testing authlogic
 itself.

 # Authentication.feature

 Feature: Application users are authenticated
  In Order To: restrict application access to authorized users
  A: User
  Should: Authenticate themselves to the application
  To: Protect Revenue

  Scenario: All visitors must authenticate
    Given I do have an user named "myuser"
      And the user is not authenticated
    When the user visits the application URL
    Then they should see the user authentication page

  Scenario: User authenticates successfully
    Given I do have an user named "myuser"
    When they visit the user authentication page
      And they enter the username "myuser"
      And they enter the password "myuser-password"
      And they press the authenticate button
    Then they should see an authentication success message

  Scenario: Only authenticated users may visit application pages
    Given I do have an user named "myuser"
      And the user is not authenticated
    When they visit a valid internal URL
    Then they should see an authentication request message
      And they should see the user authentication page

 The steps specific to authentication are in the
 authentication_steps.rb file.  Related steps are also found in the
 user_steps.rb and webrat_steps.files. For reasons having to do with
 multilingual support and decoupling the page design from integration
 tests, I tend to check against ccs attributes (class=, div= and id=)
 rather than page display contents. I also test generated route names
 and not static url strings, so I use root_url rather than "/".
 Authorisation is handled separately form authentication. Thus what I
 have looks somewhat like this:

 #authentication_steps.rb

 When /end the session/ do
  pending
 end

 When /enter (?:a|the) password "(.*)"/ do |pass|
  # webrat step
 # ccs id=input_user_password
  Then "I fill in \"input_user_password\" with \"#{pass}\""
 end

 When /enter (?:a|the) password confirmation "(.*)"/ do |pass|
  Then "I fill in \"input_user_password_confirmation\" with \"#{pass}
 \""
 end

 When /enter the username "(.*)"/ do |name|
  Then "I fill in \"input_user_username\" with \"#{name}\""
 end

 When /press the authenticate button/ do
  #button label - replace with css selector value
  Then "I press \"Authenticate\""
 end

 When /see (?:an|the) authentication required message/ do
  # response.body =~  - replace with ccs selector
  Then "I should see \"You must be authenticated\""
 end

 When /see (?:an|the) authentication action/ do
  have_selector("#link_new_user_session")
 end

 When /see (?:an|the) authentication notice message/ do
  have_selector("#authentication_notice")
 end

 When /see (?:an|the) authentication request message/ do
  have_selector("#authentication_request")
 end

 When /see (?:an|the) authentication success message/ do
  # example of rspec synax - requires rspec, rspec-rails and webrat
  have_selector("#authenticated_session_header")
 end

 When /terminates current session/ do
  # webrat step - replace label with ccs selector value
  Then "I follow \"End Current Session\""
 end

 When /user authentication page/ do
  visit new_user_session_url
 end

 When /user named "(.*)" authenticates/ do |name|
  visit new_user_session_url
  Then "see an authentication request message"
  Then "enter the username \"#{name}\""
  Then "enter the password \"#{name}-password\""
  Then "press the authenticate button"
  Then "see an authentication success message"
 end

 When /user named "(.*)" is authenticated/ do |name|
  Then "user named \"#{name}\" authenticates"
 end

 When /(?:user|visitor) is not authenticated/ do
  visit root_url
  if response.body.match('authenticated_session_header')
    Then "terminates current session"
  end
 end
	Cucumber is a Integration test harness, so your features should be
	specifying who can authenticate via what URLs and your steps should be
	exercising the controllers an filters that enforce those features.
	The point being, you should be going through your views and hitting
	the database, checking to see if the http response body contains what
	you expect to see and not worrying about directly testing authlogic
	itself.

	# Authentication.feature

	Feature: Application users are authenticated
	In Order To: restrict application access to authorized users
	A: User
	Should: Authenticate themselves to the application
	To: Protect Revenue

	Scenario: All visitors must authenticate
	Given I do have an user named "myuser"
	And the user is not authenticated
	When the user visits the application URL
	Then they should see the user authentication page

	Scenario: User authenticates successfully
	Given I do have an user named "myuser"
	When they visit the user authentication page
	And they enter the username "myuser"
	And they enter the password "myuser-password"
	And they press the authenticate button
	Then they should see an authentication success message

	Scenario: Only authenticated users may visit application pages
	Given I do have an user named "myuser"
	And the user is not authenticated
	When they visit a valid internal URL
	Then they should see an authentication request message
	And they should see the user authentication page

	The steps specific to authentication are in the
	authentication_steps.rb file. Related steps are also found in the
	user_steps.rb and webrat_steps.files. For reasons having to do with
	multilingual support and decoupling the page design from integration
	tests, I tend to check against ccs attributes (class=, div= and id=)
	rather than page display contents. I also test generated route names
	and not static url strings, so I use root_url rather than "/".
	Authorisation is handled separately form authentication. Thus what I
	have looks somewhat like this:

	#authentication_steps.rb

	When /end the session/ do
	pending
	end

	When /enter (?:a\|the) password "(.*)"/ do \|pass\|
	# webrat step
	# ccs id=input_user_password
	Then "I fill in \"input_user_password\" with \"#{pass}\""
	end

	When /enter (?:a\|the) password confirmation "(.*)"/ do \|pass\|
	Then "I fill in \"input_user_password_confirmation\" with \"#{pass}
	\""
	end

	When /enter the username "(.*)"/ do \|name\|
	Then "I fill in \"input_user_username\" with \"#{name}\""
	end

	When /press the authenticate button/ do
	#button label - replace with css selector value
	Then "I press \"Authenticate\""
	end

	When /see (?:an\|the) authentication required message/ do
	# response.body =~ - replace with ccs selector
	Then "I should see \"You must be authenticated\""
	end

	When /see (?:an\|the) authentication action/ do
	have_selector("#link_new_user_session")
	end

	When /see (?:an\|the) authentication notice message/ do
	have_selector("#authentication_notice")
	end

	When /see (?:an\|the) authentication request message/ do
	have_selector("#authentication_request")
	end

	When /see (?:an\|the) authentication success message/ do
	# example of rspec synax - requires rspec, rspec-rails and webrat
	have_selector("#authenticated_session_header")
	end

	When /terminates current session/ do
	# webrat step - replace label with ccs selector value
	Then "I follow \"End Current Session\""
	end

	When /user authentication page/ do
	visit new_user_session_url
	end

	When /user named "(.*)" authenticates/ do \|name\|
	visit new_user_session_url
	Then "see an authentication request message"
	Then "enter the username \"#{name}\""
	Then "enter the password \"#{name}-password\""
	Then "press the authenticate button"
	Then "see an authentication success message"
	end

	When /user named "(.*)" is authenticated/ do \|name\|
	Then "user named \"#{name}\" authenticates"
	end

	When /(?:user\|visitor) is not authenticated/ do
	visit root_url
	if response.body.match('authenticated_session_header')
	Then "terminates current session"
	end
	end