[rspec-users] Cucumber: acceptance testing OAuth
matt at mattwynne.net
Tue Jan 6 18:08:11 EST 2009
We're adding OAuth support for our API, and I paired with the guy
who's spiked it today to try and write some features to drive out the
behaviour we need.
It ended up getting quite tricky, so if you don't mind I'd like to
bounce my ideas of this list and see what you think.
The spike uses the OAuth Provider plugin which is what we're
planning to integrate. This adds a ClientApplication model to your
database. A ClientApplication represents, for example, the flickr
uploader application that I've downlaoded. One User has many
A ClientApplication instance has a #key and a #secret which are stored
on the server, and also known by the application on the client side
which it represents.
Anyway, so back to my Cucumber scenario.
In the Given step, I create a User and a ClientApplication. Now I have
to pretend to be the actual API client making a request to my rails app.
At this point, I need to make some special magic OAuth parameters for
the HTTP request, called 'signature' and 'signature_method'. These
signify some magic munging of the key and secret for the
ClientApplication which will (hopefully) be understood and processed
by the SUT.
In the real world, you would delegate the work of talking to an OAuth
provider like this to the oauth gem. I had a crack, for an hour or
so, to use the gem in my When step, injecting a fake replacement for
the Net::HTTP which it uses and instead forwarding calls to rails
IntegrationSession post / get methods.
This wasn't easy. Net::HTTPResponse objects don't look much like
ActionController::CgiResponse objects, for example, so you have to do
a lot of bridging.
So I feel like it's time to pull back and have a re-think. Has anyone
else tried to do something similar, and has some code to bridge from
Net::HTTP objects to the ones used by Rails' Test::IntegrationSession?
Am we barking up the wrong tree? Should we perhaps just spin up a web
server for the test session and just go ahead and call the app through
Any other ideas? Am I missing anything else obvious?
All thoughts greatly appreciated guys!
More information about the rspec-users