Restful Authentication fails its tests

Tonight I installed the 'restful authentication' plugin. The first thing I always do, after following the 'setup' instructions from the generator, is run the plugin's tests. Plus, I copied the proper 'include' line from the session_controller.rb to application_controller.rb.

The plugin failed several tests on its session_controller. Has anyone else seen this?

cremes$ ruby sessions_controller_test.rb
Loaded suite sessions_controller_test
Started
.FFF.....
Finished in 0.198387 seconds.

  1) Failure:
test_should_fail_cookie_login(SessionsControllerTest) [sessions_controller_test.rb:74]:
<false> is not true.

  2) Failure:
test_should_fail_expired_cookie_login(SessionsControllerTest) [sessions_controller_test.rb:67]:
<false> is not true.

  3) Failure:
test_should_fail_login_and_not_redirect(SessionsControllerTest)
    [/Users/cremes/Documents/development/ruby/library/config/../vendor/rails/actionpack/lib/action_controller/assertions/response_assertions.rb:26:in `assert_response'
     /Users/cremes/Documents/development/ruby/library/config/../vendor/rails/actionpack/lib/action_controller/assertions/response_assertions.rb:18:in `assert_response'
     sessions_controller_test.rb:29:in `test_should_fail_login_and_not_redirect']:
Expected response to be a <:success>, but was <302>

9 tests, 12 assertions, 3 failures, 0 errors

I confirmed that it is allowing logins where the password is clearly incorrect.

Also, I ran 'rake tmp:clear' to clear out all session files and other cruft.

This is on OSX 10.4.8 with Ruby 1.8.4 running Rails 1.2RC1 and the latest restful authentication plugin from its home repository.

cr

That's funny. I just did the same thing.

It seems to me that logged_in is returning the symbol :false instead of
false. On my system, :false evaluates to true.

treybean$ irb
irb(main):001:0> a = :false
=> :false
irb(main):002:0> a
=> :false
irb(main):003:0> if a
irb(main):004:1> puts "a must be true"
irb(main):005:1> else
irb(main):006:1* puts "a must be false"
irb(main):007:1> end
a must be true
=> nil
irb(main):008:0>

I wonder if this is a recent change, or possibly something that might
be fixed my upgrading to Ruby 1.8.5

I'll post if I figure anything else out.

Trey

That's funny. I just did the same thing.

It seems to me that logged_in is returning the symbol :false instead of
false. On my system, :false evaluates to true.

Yes, I just tracked this down myself. All over authenticated_system.rb the author uses the symbol :false when I think he means the value false.

For example:

    def logged_in?
      current_user ||= :false
    end

Interestingly, changing every occurrence of :false to false doesn't magically make all the tests complete successfully. Tests that used to work now fail and the tests that failed now work.

I wonder if this is a recent change, or possibly something that might
be fixed my upgrading to Ruby 1.8.5

I hope not!

I definitely think Rick meant to use the symbol. After all, he even
uses this as a condition in current_user=. I looked at the svn log and
see that he made these changes yesterday. Regression maybe? My bet is
still on the version of ruby.

Trey

Any suggestions on a stable tag for restful_authentication? I'd like to give a stable version of it a test drive.

cr

I use :false, because if I used false or nil it would hit the db again
after each hit. If someone wants to submit a patch with fixed tests,
that'd be great. I'm using this code in 2 apps now and it works fine.
I think there are some instances where it's expecting current_user to
return nil/false. Just use logged_in? instead.

Oh, apparently != is not the same as ||= . Silly mistake, it's fixed now.

http://bs.techno-weenie.net/!revision/2508

Rev 2508 works nicely. All tests pass. Thanks for the quick fix.

cr