[Catalyst] Testing controller which require login.
lerickson at rdwarf.net
Wed May 13 05:07:49 GMT 2009
I've been neglecting my test scripts, and I'm finally getting to that
before my app gets any bigger. I want to make sure I don't break anything
that's working, and that it works as well as I think it does.
I'm probably going to have several questions in the next few days about
tests. I think I've got a lot of the basics working; tests pass, I have a
sensible test database and environment. I can see fixtures from here, I
I haven't been able to get a test user logging in and out yet, though.
I have several sections of my application that redirect the user away if
they are not logged in. I have another that returns a 404 if they don't
have access, so prying users can't find it (as easily).
My tests are currently based on the stubs generated by myapp_create,
and use Catalyst::Test. I could move them to WWW::Mechanize::Catalyst if
it would help.
I can't tell if Catalyst::Test supports cookies. Does it? Or do I need
to use WWW::Mechanize::Catalyst for that?
I've read some suggestions on how to go about this, and found a couple.
1> Use WWW::Mechanize::Catalyst to log the user in
2> Use the mock user in config to set a user who is logged in.
The problem with really logging the user in is that the login is a set of
site-wide cookies generated by a Single Sign On system. That system may
or may not have a test instance running. If it does, cookies stored from
it probably won't work with cookies from 'localhost' like the local test
I can set a mock user, but then that user is always logged in. Can that
mock user be changed by the test scripts, so I can have them log out, log
in as an administrator, log in as an unprivileged user, etc, and test the
pages perform correctly? If so, I've missed that - it would work, I
The SSO is available to me as a library. I'm considering adding a login
page to the application, so the test scripts can log in to the SSO through
the application and solve the problem. Is duplicating a little code (not
much, most of it is in a module) to make tests work a good idea?
I'd want the application-specific login page to only be available while
the test scripts are running. In production it shouldn't exist or at the
worst redirect back to the real SSO login page. Writing a function which
behaves differently in test seems like a source of errors to me. Does
this sound possible?
Can I just generate the cookie and put it in the cookie store directly
before the query is made to the application? I can generate the cookie
with the SSO library. I don't see a way to do that through either test
I'm trying to learn and do this in a maintainable, sensible way. Any help
you can give is highly appreciated.
Louis Erickson - lerickson at rdwarf.net - http://www.rdwarf.com/~wwonko/
It is the business of the future to be dangerous.
More information about the Catalyst