How can I test an expected 404 response on a private resource page out of production?












0














I have an application where users are authors of objects called "Binders". This is a private resource where one user shouldn't be able to view the binder of another user unless it is being shared. I would like my application to 404 whenever a user tries to do such a thing. Here is what I have tried so far.



class BindersController < ApplicationController

  before_action :authenticate_user!

  before_action :set_user, only: [:show, :edit, :update, :destroy]

  before_action :authenticate_access, only: [:show, :edit, :update, :destroy]



  # ...



  private

    def authenticate_access

      if current_user != @binder.user

        respond_to do |format|

          format.html { head :missing }

          format.json { head :missing }

        end

      end

    end

end


My problem is that Rails prefers to 500 in development and test. This makes this impossible to check with a test like the following.



class BindersControllerTest < ActionDispatch::IntegrationTest

  include Warden::Test::Helpers



  setup do

    @alices_binder = binders(:alices_binder)

    @alice = users(:alice)

    @eve = users(:eve)

  end



  teardown do

    Warden.test_reset!

  end



  test 'binders#show should be missing if accessed by wrong user'

    login_as @eve, scope: :user

    get binder_url(@alices_binder)

    assert_response :missing

  end

end


How can I properly test this behavior out of production?






ruby-on-rails







share|improve this question
























  • change head :missing by head :not_found
    – edudepetris
    Nov 11 at 3:03










  • on a side note, the correct error code that you should be using in those cases is 403 Forbidden
    – Julien
    Nov 11 at 22:30
















0














I have an application where users are authors of objects called "Binders". This is a private resource where one user shouldn't be able to view the binder of another user unless it is being shared. I would like my application to 404 whenever a user tries to do such a thing. Here is what I have tried so far.



class BindersController < ApplicationController

  before_action :authenticate_user!

  before_action :set_user, only: [:show, :edit, :update, :destroy]

  before_action :authenticate_access, only: [:show, :edit, :update, :destroy]



  # ...



  private

    def authenticate_access

      if current_user != @binder.user

        respond_to do |format|

          format.html { head :missing }

          format.json { head :missing }

        end

      end

    end

end


My problem is that Rails prefers to 500 in development and test. This makes this impossible to check with a test like the following.



class BindersControllerTest < ActionDispatch::IntegrationTest

  include Warden::Test::Helpers



  setup do

    @alices_binder = binders(:alices_binder)

    @alice = users(:alice)

    @eve = users(:eve)

  end



  teardown do

    Warden.test_reset!

  end



  test 'binders#show should be missing if accessed by wrong user'

    login_as @eve, scope: :user

    get binder_url(@alices_binder)

    assert_response :missing

  end

end


How can I properly test this behavior out of production?






ruby-on-rails







share|improve this question
























  • change head :missing by head :not_found
    – edudepetris
    Nov 11 at 3:03










  • on a side note, the correct error code that you should be using in those cases is 403 Forbidden
    – Julien
    Nov 11 at 22:30














0












0








0







I have an application where users are authors of objects called "Binders". This is a private resource where one user shouldn't be able to view the binder of another user unless it is being shared. I would like my application to 404 whenever a user tries to do such a thing. Here is what I have tried so far.



class BindersController < ApplicationController

  before_action :authenticate_user!

  before_action :set_user, only: [:show, :edit, :update, :destroy]

  before_action :authenticate_access, only: [:show, :edit, :update, :destroy]



  # ...



  private

    def authenticate_access

      if current_user != @binder.user

        respond_to do |format|

          format.html { head :missing }

          format.json { head :missing }

        end

      end

    end

end


My problem is that Rails prefers to 500 in development and test. This makes this impossible to check with a test like the following.



class BindersControllerTest < ActionDispatch::IntegrationTest

  include Warden::Test::Helpers



  setup do

    @alices_binder = binders(:alices_binder)

    @alice = users(:alice)

    @eve = users(:eve)

  end



  teardown do

    Warden.test_reset!

  end



  test 'binders#show should be missing if accessed by wrong user'

    login_as @eve, scope: :user

    get binder_url(@alices_binder)

    assert_response :missing

  end

end


How can I properly test this behavior out of production?






ruby-on-rails







share|improve this question















I have an application where users are authors of objects called "Binders". This is a private resource where one user shouldn't be able to view the binder of another user unless it is being shared. I would like my application to 404 whenever a user tries to do such a thing. Here is what I have tried so far.



class BindersController < ApplicationController

  before_action :authenticate_user!

  before_action :set_user, only: [:show, :edit, :update, :destroy]

  before_action :authenticate_access, only: [:show, :edit, :update, :destroy]



  # ...



  private

    def authenticate_access

      if current_user != @binder.user

        respond_to do |format|

          format.html { head :missing }

          format.json { head :missing }

        end

      end

    end

end


My problem is that Rails prefers to 500 in development and test. This makes this impossible to check with a test like the following.



class BindersControllerTest < ActionDispatch::IntegrationTest

  include Warden::Test::Helpers



  setup do

    @alices_binder = binders(:alices_binder)

    @alice = users(:alice)

    @eve = users(:eve)

  end



  teardown do

    Warden.test_reset!

  end



  test 'binders#show should be missing if accessed by wrong user'

    login_as @eve, scope: :user

    get binder_url(@alices_binder)

    assert_response :missing

  end

end


How can I properly test this behavior out of production?






ruby-on-rails




ruby-on-rails






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 10 at 22:19

























asked Nov 10 at 20:04









Jared

94311021




94311021












  • change head :missing by head :not_found
    – edudepetris
    Nov 11 at 3:03










  • on a side note, the correct error code that you should be using in those cases is 403 Forbidden
    – Julien
    Nov 11 at 22:30


















  • change head :missing by head :not_found
    – edudepetris
    Nov 11 at 3:03










  • on a side note, the correct error code that you should be using in those cases is 403 Forbidden
    – Julien
    Nov 11 at 22:30
















change head :missing by head :not_found
– edudepetris
Nov 11 at 3:03




change head :missing by head :not_found
– edudepetris
Nov 11 at 3:03












on a side note, the correct error code that you should be using in those cases is 403 Forbidden
– Julien
Nov 11 at 22:30




on a side note, the correct error code that you should be using in those cases is 403 Forbidden
– Julien
Nov 11 at 22:30

















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242941%2fhow-can-i-test-an-expected-404-response-on-a-private-resource-page-out-of-produc%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242941%2fhow-can-i-test-an-expected-404-response-on-a-private-resource-page-out-of-produc%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

這個網誌中的熱門文章

Academy of Television Arts & Sciences

圖片
American television organization Academy of Television Arts & Sciences Founded 1946 ; 73 years ago  ( 1946 ) Location North Hollywood, California, United States Area served Television industry Product Emmy Awards Key people Frank Scherma ( Chairman and CEO ) Website televisionacademy.com [redirects to emmys.com , official website of the Emmys and the Television Academy The Academy of Television Arts & Sciences ( ATAS ), also colloquially known as the Television Academy , is a professional honorary organization dedicated to the advancement of the television industry in the United States. Founded in 1946, the organization presents the Primetime Emmy Awards, an annual ceremony honoring achievement in U.S. primetime television. Contents 1 History 2 Emmy Award 3 Publications and programs 4 Current governance 4.1 Board of Governors 5 Television Academy honors 5.1 1st Annual (2008) 5.2 2nd Annual (2009)...
閱讀完整內容

L'Équipe

圖片
For other uses, see Équipe (disambiguation). L'Équipe The front page of L'Équipe on 4 July 2011 Type Daily newspaper Format Tabloid Owner(s) Éditions Philippe Amaury Editor François Morinière Editor-in-chief Fabrice Jouhaud Founded 1946 Language French Headquarters Boulogne-Billancourt ISSN 0153-1069 Website www.lequipe.fr L'Équipe ( pronounced  [lekip] , French for "the team") is a French nationwide daily newspaper devoted to sport, owned by Éditions Philippe Amaury. The paper is noted for coverage of association football , rugby, motorsport and cycling. Its predecessor was L'Auto , a general sports paper whose name reflected not any narrow interest but the excitement of the time in car racing. L'Auto originated the Tour de France cycling stage race in 1903 as a circulation booster. The race leader's yellow jersey (French: maillot jaune ) was instituted in 1919, probably to reflect the dist...
閱讀完整內容

1995 France bombings

圖片
This article is a rough translation from French . It may have been generated by a computer or by a translator without dual proficiency. Please help to enhance the translation. The original article is under "français" in the "languages" sidebar. See this article's entry on Pages needing translation into English for discussion. 1995 France bombings Part of Algerian Civil War (spillover) Plaque commemorating the victims of the Saint-Michel station bombing on 25 July 1995 Location Paris and Lyon, France Date 25 July 1995  ( 1995-07-25 ) – 17 October 1995  ( 1995-10-17 ) Weapons Improvised explosive devices, school bombing Deaths 8 Non-fatal injuries 157 Perpetrator Armed Islamic Group Motive To induce the French government to withdraw support from the Algerian government during the Algerian Civil War The 1995 bombings in France were carried out by the Armed Islamic Group (GIA), who were broadening the Alger...
閱讀完整內容