Rails - Jun 2005 - Frustrating Day testing!

I''ve been using rails for a while quite successfully but my conscience
has got the better of me today and I decided I had better get my tests  
in order. What a night mare this turned out to be!

Top 2 problems...

login_generator testing.

   def test_auth
     assert_equal  @bob, User.authenticate("fred", "tenst")
     assert_nil    User.authenticate("nonbob", "test")

   end

This test always fails because User#authenticate always returns the  
same user no matter what username and password is used. Now I''ve been  
using login_generator live for quite a while so this was a bit of a  
shock! Luckily it seems to work ok on my live site.

using the standard fixtures this...

     p @bob
     p @longbob
     p User.authenticate("fred", "tenst")
     p User.authenticate("bob", "test")

returns

#<User:0x2394de4 @attributes={"id"=>"1000001",
"login"=>"bob",
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
#<User:0x23963b0 @attributes={"id"=>"1000003",
"login"=>"longbob",
"password"=>"8e9b1a9a38e66ca572a5e8fdac8e256848842dfa"}>
#<User:0x2393778 @attributes={"id"=>"1000002",
"login"=>"existingbob",
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
#<User:0x2392120 @attributes={"id"=>"1000002",
"login"=>"existingbob",
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>

Note that "fred" isn''t even in the db!

So I decided to have a crack at debugging this myself. I put a  
breakpoint in the code

     def self.authenticate(login, pass)
         find :first, ["login = ? AND password = ?", login,
sha1(pass)]
         breakpoint("User#authenticate")
     end

and got this...

1) Error:
test_auth(UserTest):
ArgumentError: Binding.of_caller used in non-method context or trailing  
statements of method using it aren''t in the block.
      
/usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
binding_of_caller.rb:69:in `of_caller''
      
/usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
binding_of_caller.rb:69:in `call''
      
/usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
binding_of_caller.rb:43:in `of_caller''
      
/usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/breakpoint.rb:513:in  
`breakpoint''
     ./test/unit/../../config/..//app/models/user.rb:8:in
`authenticate''
     ./test/unit/user_test.rb:10:in `test_auth''

Any ideas?

I have more problems but this will do for starters.

TIA Henry

Seems the login on my live site doesn''t work after all!

I have changed the User#authenticate

     def self.authenticate(login, pass)
#        find :first, ["login = ? AND password = ?", login,
sha1(pass)]
         find_by_login_and_password login, sha1(pass)
     end

Which now works correctly. Seems the AND is being treated as an OR.


On 04/06/2005, at 5:40 PM, Henry Maddocks wrote:
> I''ve been using rails for a while quite successfully but my
conscience
> has got the better of me today and I decided I had better get my tests  
> in order. What a night mare this turned out to be!
>
> Top 2 problems...
>
> login_generator testing.
>
>   def test_auth
>     assert_equal  @bob, User.authenticate("fred",
"tenst")
>     assert_nil    User.authenticate("nonbob", "test")
>
>   end
>
> This test always fails because User#authenticate always returns the  
> same user no matter what username and password is used. Now I''ve
been
> using login_generator live for quite a while so this was a bit of a  
> shock! Luckily it seems to work ok on my live site.
>
> using the standard fixtures this...
>
>     p @bob
>     p @longbob
>     p User.authenticate("fred", "tenst")
>     p User.authenticate("bob", "test")
>
> returns
>
> #<User:0x2394de4 @attributes={"id"=>"1000001",
"login"=>"bob",
>
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
> #<User:0x23963b0 @attributes={"id"=>"1000003",
"login"=>"longbob",
>
"password"=>"8e9b1a9a38e66ca572a5e8fdac8e256848842dfa"}>
> #<User:0x2393778 @attributes={"id"=>"1000002",
"login"=>"existingbob",
>
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
> #<User:0x2392120 @attributes={"id"=>"1000002",
"login"=>"existingbob",
>
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
>
> Note that "fred" isn''t even in the db!
>
> So I decided to have a crack at debugging this myself. I put a  
> breakpoint in the code
>
>     def self.authenticate(login, pass)
>         find :first, ["login = ? AND password = ?", login,
sha1(pass)]
>         breakpoint("User#authenticate")
>     end
>
> and got this...
>
> 1) Error:
> test_auth(UserTest):
> ArgumentError: Binding.of_caller used in non-method context or  
> trailing statements of method using it aren''t in the block.
>      
> /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
> binding_of_caller.rb:69:in `of_caller''
>      
> /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
> binding_of_caller.rb:69:in `call''
>      
> /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/ 
> binding_of_caller.rb:43:in `of_caller''
>      
> /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/breakpoint.rb:513: 
> in `breakpoint''
>     ./test/unit/../../config/..//app/models/user.rb:8:in
`authenticate''
>     ./test/unit/user_test.rb:10:in `test_auth''
>
> Any ideas?
>
> I have more problems but this will do for starters.
>
> TIA Henry
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

What does the log file show as the SQL being run (in your failing case)?

On 6/4/05, Henry Maddocks <henryj-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org>
wrote:
> Seems the login on my live site doesn''t work after all!
> 
> I have changed the User#authenticate
> 
>      def self.authenticate(login, pass)
> #        find :first, ["login = ? AND password = ?", login,
sha1(pass)]
>          find_by_login_and_password login, sha1(pass)
>      end
> 
> Which now works correctly. Seems the AND is being treated as an OR.
> 
> 
> On 04/06/2005, at 5:40 PM, Henry Maddocks wrote:
> 
> > I''ve been using rails for a while quite successfully but my
conscience
> > has got the better of me today and I decided I had better get my tests
> > in order. What a night mare this turned out to be!
> >
> > Top 2 problems...
> >
> > login_generator testing.
> >
> >   def test_auth
> >     assert_equal  @bob, User.authenticate("fred",
"tenst")
> >     assert_nil    User.authenticate("nonbob",
"test")
> >
> >   end
> >
> > This test always fails because User#authenticate always returns the
> > same user no matter what username and password is used. Now
I''ve been
> > using login_generator live for quite a while so this was a bit of a
> > shock! Luckily it seems to work ok on my live site.
> >
> > using the standard fixtures this...
> >
> >     p @bob
> >     p @longbob
> >     p User.authenticate("fred", "tenst")
> >     p User.authenticate("bob", "test")
> >
> > returns
> >
> > #<User:0x2394de4
@attributes={"id"=>"1000001",
"login"=>"bob",
> >
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
> > #<User:0x23963b0
@attributes={"id"=>"1000003",
"login"=>"longbob",
> >
"password"=>"8e9b1a9a38e66ca572a5e8fdac8e256848842dfa"}>
> > #<User:0x2393778
@attributes={"id"=>"1000002",
"login"=>"existingbob",
> >
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
> > #<User:0x2392120
@attributes={"id"=>"1000002",
"login"=>"existingbob",
> >
"password"=>"9a91e1d8d95b6315991a88121bb0aa9f03ba0dfc"}>
> >
> > Note that "fred" isn''t even in the db!
> >
> > So I decided to have a crack at debugging this myself. I put a
> > breakpoint in the code
> >
> >     def self.authenticate(login, pass)
> >         find :first, ["login = ? AND password = ?", login,
sha1(pass)]
> >         breakpoint("User#authenticate")
> >     end
> >
> > and got this...
> >
> > 1) Error:
> > test_auth(UserTest):
> > ArgumentError: Binding.of_caller used in non-method context or
> > trailing statements of method using it aren''t in the block.
> >
> > /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/
> > binding_of_caller.rb:69:in `of_caller''
> >
> > /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/
> > binding_of_caller.rb:69:in `call''
> >
> > /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/
> > binding_of_caller.rb:43:in `of_caller''
> >
> > /usr/local/lib/ruby/gems/1.8/gems/rails-0.12.1/lib/breakpoint.rb:513:
> > in `breakpoint''
> >     ./test/unit/../../config/..//app/models/user.rb:8:in
`authenticate''
> >     ./test/unit/user_test.rb:10:in `test_auth''
> >
> > Any ideas?
> >
> > I have more problems but this will do for starters.
> >
> > TIA Henry
> >
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

On 6/4/05, Henry Maddocks <henryj-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org>
wrote:
> Seems the login on my live site doesn''t work after all!
> 
> I have changed the User#authenticate
> 
>      def self.authenticate(login, pass)
> #        find :first, ["login = ? AND password = ?", login,
sha1(pass)]
>          find_by_login_and_password login, sha1(pass)
>      end
> 
> Which now works correctly. Seems the AND is being treated as an OR.
???! Could you paste the SQL this generated?
>     def self.authenticate(login, pass)
>       find :first, ["login = ? AND password = ?", login,
sha1(pass)]
>        breakpoint("User#authenticate")
>    end
Be aware that this will return the result of the breakpoint method
from the authenticate method. The "return last line in method" thing
in ruby can sometimes lead to unexpected results. If there wasn''t
something to this degree see if you need to update your rails.

-- 
Tobi
http://www.snowdevil.ca - Snowboards that don''t suck
http://typo.leetsoft.com - Open source weblog engine
http://blog.leetsoft.com - Technical weblog

On 06/06/2005, at 7:46 AM, Tobias Luetke wrote:
> On 6/4/05, Henry Maddocks
<henryj-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org> wrote:
>> Seems the login on my live site doesn''t work after all!
>>
>> I have changed the User#authenticate
>>
>>      def self.authenticate(login, pass)
>> #        find :first, ["login = ? AND password = ?", login, 
>> sha1(pass)]
>>          find_by_login_and_password login, sha1(pass)
>>      end
>>
>> Which now works correctly. Seems the AND is being treated as an OR.
>
> ???! Could you paste the SQL this generated?
Here is the sql. It is worse than I thought. It is just returning *!

Login with correct user and password

Processing AccountController#login (for xxx.xxx.xxx.xxx at Tue Jun 07 
16:27:43 NZST 2005)
   Parameters: {"account/login.html/login"=>nil,
"user_login"=>"henry",
"action"=>"login",
"controller"=>"account",
"user_password"=>"xxxxxxxx",
"login"=>"Login \273"}
   User Load (0.010742)   SELECT * FROM users LIMIT 1
Redirected to /locations/new
Completed in 0.07574 (13 reqs/sec) | DB: 0.01074 (14%)


Login with garbage

Processing AccountController#login (for xxx.xxx.xxx.xxx at Tue Jun 07 
16:30:50 NZST 2005)
   Parameters: {"account/login.html/login"=>nil,
"user_login"=>"hsjafg",
"action"=>"login",
"controller"=>"account",
"user_password"=>"dkjsg",
"login"=>"Login \273"}
   User Load (0.005111)   SELECT * FROM users LIMIT 1
Redirected to /locations/new
Completed in 0.01248 (80 reqs/sec) | DB: 0.00511 (40%)


I have since upgraded to login_generator 1.1.0 and rerun the generate 
script and it seems to be working correctly.


Login with correct user and password

Processing AccountController#login (for xxx.xxx.xxx.xxx at Tue Jun 07 
16:39:55 NZST 2005)
   Parameters: {"account/login.html/login"=>nil,
"user_login"=>"henry",
"action"=>"login",
"controller"=>"account",
"user_password"=>"xxxxxxxx",
"login"=>"Login \273"}
   User Load (0.029231)   SELECT * FROM users WHERE login =
''henry'' AND
password = ''e6d3b3422c9b0c9e514acd8c49b4d94b264b10e4'' LIMIT 1
Redirected to http://history/account/welcome
   User Columns (0.002423)   SHOW FIELDS FROM users
Completed in 0.08961 (11 reqs/sec) | DB: 0.03165 (35%)
   User Columns (0.002249)   SHOW FIELDS FROM users


Login with garbage

Processing AccountController#login (for xxx.xxx.xxx.xxx at Tue Jun 07 
16:40:56 NZST 2005)
   Parameters: {"account/login.html/login"=>nil,
"user_login"=>"sdhsfh",
"action"=>"login",
"controller"=>"account",
"user_password"=>"shshf",
"login"=>"Login \273"}
   User Load (0.001742)   SELECT * FROM users WHERE login =
''sdhsfh'' AND
password = ''f6b1c2c4d0bbb08e4cbdf74bb4639a55ce872f09'' LIMIT 1
Rendering account/login within layouts/scaffold
Rendering layouts/scaffold (200 OK)
Completed in 0.06502 (15 reqs/sec) | Rendering: 0.01018 (15%) | DB: 
0.00174 (2%)

Ah. The difference was that you used 

find :first, ["login = ? AND password = ?", login, sha1(pass)]

which was a mix of new and old syntax which didn''t go far. 

this should be find :first, :conditions => ["login = ? AND password =
?", login,
 sha1(pass)]

On 6/7/05, Henry Maddocks <henryj-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org>
wrote:
> 
> On 06/06/2005, at 7:46 AM, Tobias Luetke wrote:
> 
> > On 6/4/05, Henry Maddocks
<henryj-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org> wrote:
> >> Seems the login on my live site doesn''t work after all!
> >>
> >> I have changed the User#authenticate
> >>
> >>      def self.authenticate(login, pass)
> >> #        find :first, ["login = ? AND password = ?",
login,
> >> sha1(pass)]
> >>          find_by_login_and_password login, sha1(pass)
> >>      end
> >>
> >> Which now works correctly. Seems the AND is being treated as an
OR.
> >
> > ???! Could you paste the SQL this generated?
> 
> Here is the sql. It is worse than I thought. It is just returning *!