我想在我的 api 应用程序中使用这个 gemhttps://github.com/seangeo/auth-hmac/ https://github.com/seangeo/auth-hmac/
我有一个关于创建请求身份验证测试的问题。
我想用 hmac 签署请求,但 Rails 控制器在下一个代码后没有 http 标头
def setup
#load from fixture
@client = clients(:client_2)
end
def sign_valid_request(request,client)
auth_hmac = AuthHMAC.new(client.key => client.secret )
auth_hmac.sign!(request,client.key)
request
end
def test_response_client_xml
@request = sign_valid_request(@request,@client)
get :index , :api_client_key => @client.key , :format=> "xml"
@xml_response = @response.body
assert_response :success
assert_select 'id' , @client.id.to_s
end
路线有这样的配置
scope '/:token/' do
# route only json & xml format
constraints :format=> /(json|xml)/ do
resources :clients, :only => [:index]
end
end
我在功能测试方面也遇到了同样的问题。要使用 AuthHMAC 正确签署每个请求,您应该将以下内容放入 test_helper.rb
def with_hmac_signed_requests(access_key_id, secret, &block)
unless ActionController::Base < ActionController::Testing
ActionController::Base.class_eval { include ActionController::Testing }
end
@controller.instance_eval %Q(
alias real_process_with_new_base_test process_with_new_base_test
def process_with_new_base_test(request, response)
signature = AuthHMAC.signature(request, "#{secret}")
request.env['Authorization'] = "AuthHMAC #{access_key_id}:" + signature
real_process_with_new_base_test(request, response)
end
)
yield
@controller.instance_eval %Q(
undef process_with_new_base_test
alias process_with_new_base_test real_process_with_new_base_test
)
end
然后在你的功能测试中:
test "secret_method should be protected by an HMAC signature" do
with_hmac_signed_requests(key_id, secret) do
get :protected_method
assert_response :success
end
end
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)