Thanks Mike, your comment lead me to the answer:
I was using the development environment to make the tests. I didn't
realized there were some difference between the environments (not
guessed it).
When I started the project, I edited spec/spec_helper.rb (and also
stories/helper.rb) and changed ENV["RAILS_ENV"] to "development",
because I had only one DB user. Of course I can create as many DB
users as I need, this is a development box...
Now using the (right) ENV["RAILS_ENV"] = "test" and problem is solved.
Thanks to Scott Taylor for the other comment.
2008/3/16, Mike Vincent <[EMAIL PROTECTED]>:
> I presume the feature is well tested in rails and disable it in the
> test environment (which is done by default, I think).
>
> # in config/environments/test.rb
> # Disable request forgery protection in test environment
> config.action_controller.allow_forgery_protection = false
>
>
> -Mike
>
>
> On Sat, Mar 15, 2008 at 2:26 PM, Scott Taylor
> <[EMAIL PROTECTED]> wrote:
> >
> >
> > On Mar 16, 2008, at 2:41 PM, Camilo Torres wrote:
> >
> > > I am starting to BDD. When specing the controller I want to test for
> > > object creation:
> > >
> > > it "deberia crear una nueva persona en post create" do
> > > Usuario.should_receive(:create).with({:nombre => "camilo", :clave
> > > => "secreta", :tipo => "administrador"}).and_return(@usuario)
> > >
> > > post 'create', {:usuario => {:nombre => "camilo", :clave =>
> > > "secreta", :tipo => "administrador"}}
> > > end
> > >
> > > But when I add this spec, I start getting this:
> > > 1)
> > > ActionController::InvalidAuthenticityToken in 'UsuarioController
> > > deberia crear una nueva persona en post create'
> > > No :secret given to the #protect_from_forgery call. Set that or use a
> > > session store capable of generating its own keys (Cookie Session
> > > Store).
> > > ./spec/controllers/usuario_controller_spec.rb:30:
> > > script/spec:4:
> > >
> > > This is the only failure. Line 30 is the post "create".
> > >
> > > I am on Ruby 1.8.6, Rails 2.0.2, Rspec 1.1.3 (saw in
> > > vendor/plugins/rspec/CHANGES).
> > >
> > >
> > > I searched google for solutions, found this:
> > >
> > > http://blog.stonean.com/2007/12/rspec-and-protectfromforgery.html
> > >
> > > then I added
> > > @controller.class.protect_from_forgery :secret => "secretkey"
> > > in the before(:each) method. I put the same secret key I found in
> > > environment.rb. But now it gives me:
> > > ActionController::InvalidAuthenticityToken
> > >
> > > I am lost. Why this happens? should not work just fine from the rails
> > > default configuration?.
> > >
> > > I have not changed anything in the environment.rb nor application.rb.
> > > This is just a new project to learn BDD and RoR. Thanks for any clue
> > > to get this to work.
> > > _______________________________________________
> > > rspec-users mailing list
> > > [email protected]
> > > http://rubyforge.org/mailman/listinfo/rspec-users
> >
> > I haven't tried any of this, but here's my guess:
> >
> > One way to get this to work is to stub out protect_from_forgery:
> >
> > controller.stub!(protect_from_forgery).and_return "foo"
> >
> > The better question is: why would you intentionally remove a security
> > feature?
> >
> > Scott
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > rspec-users mailing list
> > [email protected]
> > http://rubyforge.org/mailman/listinfo/rspec-users
> >
> _______________________________________________
> rspec-users mailing list
> [email protected]
> http://rubyforge.org/mailman/listinfo/rspec-users
>
_______________________________________________
rspec-users mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/rspec-users
