There are several options:
-> You can change the detection behavior of an invalid CSRF token for a reseller session (for example, in Rails 3):
In application_controller.rb
protect_from_forgery with: :exception
to
protect_from_forgery with: :null_session
-> You can do this with a conditional expression, for example:
if Rails.env.test? protect_from_forgery with: :null_session else protect_from_forgery with: :exception end
However, this gave you a slightly different configuration for testing and for dev / production env.
-> You can provide the authentication token manually in tests:
def set_form_authenticity_token session[:_csrf_token] = SecureRandom.base64(32) end
And, in particular, the test:
post :create, admin_user: { email: @admin_user.email, password_digest: @admin_user.password_digest, username: @admin_user.username }, authenticity_token: set_form_authenticity_token
-> You can write your own helper, something like:
def set_form_authenticity_token session[:_csrf_token] = SecureRandom.base64(32) end alias_method :post_without_token, :post def post_with_token(symbol, args_hash) args_hash.merge!(authenticity_token: set_form_authenticity_token) post_without_token(symbol, args_hash) end alias_method :post, :post_with_token