Sean's Obsessions » Ruby on Rails http://ertw.com/blog Just another WordPress weblog Thu, 15 Jul 2010 12:57:25 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Load testing a Rails app with JMeter and the authenticity_token http://ertw.com/blog/2010/06/29/load-testing-a-rails-app-and-the-authenticity_token/ http://ertw.com/blog/2010/06/29/load-testing-a-rails-app-and-the-authenticity_token/#comments Wed, 30 Jun 2010 02:50:42 +0000 sean http://ertw.com/blog/?p=262 <input name="authenticity_token" type="hidden" value="16iUP1J2tdSKyvHKgYR/I/og6K7NgPPmTHCZ+idQP4k=" /> </div> The token is also encrypted in the session so that the [...]

a

]]> I have been slowly learning how to use JMeter to load test the Small Payroll application. One of the problems has been getting around the CSRF protection that Rails puts in with the authenticity_token parameter.

Each form has a hidden form element:

<div style="margin:0;padding:0;display:inline">
<input name="authenticity_token" type="hidden"
value="16iUP1J2tdSKyvHKgYR/I/og6K7NgPPmTHCZ+idQP4k=" />
</div>

The token is also encrypted in the session so that the response to the form has to match. This value changes every time the form is loaded and can’t be set to a known value, otherwise it would be easy to defeat the CSRF protection. This means that JMeter has to figure out the token and put it into the POST.

Googling around, I found some people that said they did it, and a lot of people who couldn’t get it to work, but no solid walkthroughs.

Here’s my solution:

There are three elements. The first is the HTTP request sampler that gets the login page. Under that is a regular expression extractor post processor that gets the authenticity token. The extractor uses a simple regexp to pull out the value parameter and saves it to the LOGIN_AUTH_TOKEN variable. The login is then done by making reference to the variable – ${LOGIN_AUTH_TOKEN}. Make sure you have the Encode? button checked, as the authenticity_token is not always base-64 friendly!

The final step, not pictured, is that you have an HTTP Cookie Manager in your thread group to take care of cookies. You probably already have one, though.

Sean

a

]]> http://ertw.com/blog/2010/06/29/load-testing-a-rails-app-and-the-authenticity_token/feed/ 0 Shoulda, nested contexts, and should_change_by http://ertw.com/blog/2009/09/03/shoulda-nested-contexts-and-should_change_by/ http://ertw.com/blog/2009/09/03/shoulda-nested-contexts-and-should_change_by/#comments Fri, 04 Sep 2009 01:24:32 +0000 sean http://ertw.com/blog/?p=223 a

]]> I love some of shoulda’s macros, partially because it forces me to think about my tests and put them in setup blocks, which ends up making things cleaner.

So I ran into a case where I do an action and use should_change to make sure that a certain number of rows were added to a table, then I do it again and make sure they don’t change. So I used a nested set of contexts to handle this:

context "do it once" do
  setup do
    post :method, :foo => {...}
  end
  should_change("something", :by => 6) {Something.count}
  #... other tests ...
  context "do it a second time" do
     setup do
       post :method, :foo => {...}
     end
     # should it change by 6 or 0?
  end
end

I wasn’t sure if the should_change applied to both the setup blocks or only the second. Turns out it’s only the second, so it should not change in the second test. Here’s proof:

require 'test_helper'

class SomethingControllerTest < ActionController::TestCase

  context "outer" do
    setup do
      @user = Factory.create(:valid_user)
    end
    should_change("number of users", :by => 1) { User.count }
    context "inner" do
      setup do
      end
      should_change("number of users", :by => 0) { User.count }
    end
  end
end

Since I didn’t write my tests before I wrote the code I wasn’t sure if my code was bad or my test was. Now I know how the test could be structured and I could test properly.

a

]]> http://ertw.com/blog/2009/09/03/shoulda-nested-contexts-and-should_change_by/feed/ 0