[rspec-users] Cucumber: acceptance testing OAuth
ben at benmabey.com
Tue Jan 6 18:29:53 EST 2009
On 1/6/09 4:08 PM, Matt Wynne wrote:
> We're adding OAuth support for our API, and I paired with the guy
> who's spiked it today to try and write some features to drive out the
> behaviour we need.
> It ended up getting quite tricky, so if you don't mind I'd like to
> bounce my ideas of this list and see what you think.
> The spike uses the OAuth Provider plugin which is what we're
> planning to integrate. This adds a ClientApplication model to your
> database. A ClientApplication represents, for example, the flickr
> uploader application that I've downlaoded. One User has many
> A ClientApplication instance has a #key and a #secret which are stored
> on the server, and also known by the application on the client side
> which it represents.
> Anyway, so back to my Cucumber scenario.
> In the Given step, I create a User and a ClientApplication. Now I have
> to pretend to be the actual API client making a request to my rails app.
> At this point, I need to make some special magic OAuth parameters for
> the HTTP request, called 'signature' and 'signature_method'. These
> signify some magic munging of the key and secret for the
> ClientApplication which will (hopefully) be understood and processed
> by the SUT.
> In the real world, you would delegate the work of talking to an OAuth
> provider like this to the oauth gem. I had a crack, for an hour or
> so, to use the gem in my When step, injecting a fake replacement for
> the Net::HTTP which it uses and instead forwarding calls to rails
> IntegrationSession post / get methods.
> This wasn't easy. Net::HTTPResponse objects don't look much like
> ActionController::CgiResponse objects, for example, so you have to do
> a lot of bridging.
> So I feel like it's time to pull back and have a re-think. Has anyone
> else tried to do something similar, and has some code to bridge from
> Net::HTTP objects to the ones used by Rails' Test::IntegrationSession?
> Am we barking up the wrong tree? Should we perhaps just spin up a web
> server for the test session and just go ahead and call the app through
> the gem?
> Any other ideas? Am I missing anything else obvious?
> All thoughts greatly appreciated guys!
> Matt Wynne
>  http://github.com/pelle/oauth-plugin/tree/master
>  http://github.com/pelle/oauth/tree/master
> rspec-users mailing list
> rspec-users at rubyforge.org
I don't know the first thing about OAuth and what integrating it into an
app entails. Is it too much of a simplification in saying that it is a
third-party webservice that you need to stub out the Net::HTTP requests
for? If not, then this post may give you some ideas:
Sorry if this wasn't too much help.. I guess I don't understand what
sort of "bridge from Net::HTTP objects to the ones used by Rails'
Test::IntegrationSession" really means.
More information about the rspec-users