[rspec-users] Cucumber: acceptance testing OAuth

Ben Mabey ben at benmabey.com
Tue Jan 6 18:29:53 EST 2009

On 1/6/09 4:08 PM, Matt Wynne wrote:
> Hi,
> We're adding OAuth support for our API, and I paired with the guy 
> who's spiked it today to try and write some features to drive out the 
> behaviour we need.
> It ended up getting quite tricky, so if you don't mind I'd like to 
> bounce my ideas of this list and see what you think.
> The spike uses the OAuth Provider plugin[1] which is what we're 
> planning to integrate. This adds a ClientApplication model to your 
> database. A ClientApplication represents, for example, the flickr 
> uploader application that I've downlaoded. One User has many 
> ClientApplications.
> A ClientApplication instance has a #key and a #secret which are stored 
> on the server, and also known by the application on the client side 
> which it represents.
> Anyway, so back to my Cucumber scenario.
> In the Given step, I create a User and a ClientApplication. Now I have 
> to pretend to be the actual API client making a request to my rails app.
> At this point, I need to make some special magic OAuth parameters for 
> the HTTP request, called 'signature' and 'signature_method'. These 
> signify some magic munging of the key and secret for the 
> ClientApplication which will (hopefully) be understood and processed 
> by the SUT.
> In the real world, you would delegate the work of talking to an OAuth 
> provider like this to the oauth gem[2]. I had a crack, for an hour or 
> so, to use the gem in my When step, injecting a fake replacement for 
> the Net::HTTP which it uses and instead forwarding calls to rails 
> IntegrationSession post / get methods.
> This wasn't easy. Net::HTTPResponse objects don't look much like 
> ActionController::CgiResponse objects, for example, so you have to do 
> a lot of bridging.
> So I feel like it's time to pull back and have a re-think. Has anyone 
> else tried to do something similar, and has some code to bridge from 
> Net::HTTP objects to the ones used by Rails' Test::IntegrationSession?
> Am we barking up the wrong tree? Should we perhaps just spin up a web 
> server for the test session and just go ahead and call the app through 
> the gem?
> Any other ideas? Am I missing anything else obvious?
> All thoughts greatly appreciated guys!
> cheers,
> Matt Wynne
> http://blog.mattwynne.net
> http://www.songkick.com
> [1] http://github.com/pelle/oauth-plugin/tree/master
> [2] http://github.com/pelle/oauth/tree/master
> _______________________________________________
> rspec-users mailing list
> rspec-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rspec-users

Hey Matt,
I don't know the first thing about OAuth and what integrating it into an 
app entails.  Is it too much of a simplification in saying that it is a 
third-party webservice that you need to stub out the Net::HTTP requests 
for?  If not, then this post may give you some ideas:

Sorry if this wasn't too much help.. I guess I don't understand what 
sort of "bridge from Net::HTTP objects to the ones used by Rails' 
Test::IntegrationSession" really means.


More information about the rspec-users mailing list