A 相关问题 https://stackoverflow.com/questions/12041091/ror-testing-an-action-that-uses-http-token-authentication意味着我可以使用令牌身份验证来测试请求,在我的
集成测试,如下:
get "/v1/sites", nil, :authorization => "foo"
assert_response :success
由于某种原因,标头无法到达我的应用程序:
get "/v1/sites", nil, :authorization => "foo"
assert_match response.headers, /foo/
Expected {"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "X-UA-Compatible"=>"chrome=1", "WWW-Authenticate"=>"Token realm=\"Application\"", "Content-Type"=>"text/html; charset=utf-8", "Cache-Control"=>"no-cache", "X-Request-Id"=>"23915302-9cfe-424d-86fe-5d60bc0d6b2c", "X-Runtime"=>"0.054857", "Content-Length"=>"27"} to match /foo/.
授权标头未通过,我可以在放置时确认throw response.headers
在控制器中。当我
测试例如卷曲,我do看到标题通过。在那里我
甚至可以设置令牌并获取访问权限。相关代码来自
控制器是:
module V1
class SitesController < ApplicationController
before_filter :restrict_access, :only => :index
def index
head :success
end
private
def restrict_access
authenticate_or_request_with_http_token do |token, options|
token == "foo"
end
end
end
end
这是最迷你的,在 Rails 4 上,使用Rails-API https://github.com/rails-api/rails-api
作为参考,这里是中间件堆栈,它比大多数默认的 Rails 应用程序要精简得多。
use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x992cd28>
use Rack::Runtime
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run MyApp::Application.routes