[rspec-users] Cucumber: acceptance testing OAuth

Matt Wynne matt at mattwynne.net
Tue Jan 6 19:33:20 EST 2009

On 6 Jan 2009, at 23:29, Ben Mabey wrote:

> On 1/6/09 4:08 PM, Matt Wynne wrote:
>> Hi,
>> We're adding OAuth support for our API, and I paired with the guy  
>> who's spiked it today to try and write some features to drive out  
>> the behaviour we need.
>> It ended up getting quite tricky, so if you don't mind I'd like to  
>> bounce my ideas of this list and see what you think.
>> The spike uses the OAuth Provider plugin[1] which is what we're  
>> planning to integrate. This adds a ClientApplication model to your  
>> database. A ClientApplication represents, for example, the flickr  
>> uploader application that I've downlaoded. One User has many  
>> ClientApplications.
>> A ClientApplication instance has a #key and a #secret which are  
>> stored on the server, and also known by the application on the  
>> client side which it represents.
>> Anyway, so back to my Cucumber scenario.
>> In the Given step, I create a User and a ClientApplication. Now I  
>> have to pretend to be the actual API client making a request to my  
>> rails app.
>> At this point, I need to make some special magic OAuth parameters  
>> for the HTTP request, called 'signature' and 'signature_method'.  
>> These signify some magic munging of the key and secret for the  
>> ClientApplication which will (hopefully) be understood and  
>> processed by the SUT.
>> In the real world, you would delegate the work of talking to an  
>> OAuth provider like this to the oauth gem[2]. I had a crack, for an  
>> hour or so, to use the gem in my When step, injecting a fake  
>> replacement for the Net::HTTP which it uses and instead forwarding  
>> calls to rails IntegrationSession post / get methods.
>> This wasn't easy. Net::HTTPResponse objects don't look much like  
>> ActionController::CgiResponse objects, for example, so you have to  
>> do a lot of bridging.
>> So I feel like it's time to pull back and have a re-think. Has  
>> anyone else tried to do something similar, and has some code to  
>> bridge from Net::HTTP objects to the ones used by Rails'  
>> Test::IntegrationSession?
>> Am we barking up the wrong tree? Should we perhaps just spin up a  
>> web server for the test session and just go ahead and call the app  
>> through the gem?
>> Any other ideas? Am I missing anything else obvious?
>> All thoughts greatly appreciated guys!
>> cheers,
>> Matt Wynne
>> http://blog.mattwynne.net
>> http://www.songkick.com
>> [1] http://github.com/pelle/oauth-plugin/tree/master
>> [2] http://github.com/pelle/oauth/tree/master
>> _______________________________________________
>> rspec-users mailing list
>> rspec-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/rspec-users
> Hey Matt,
> I don't know the first thing about OAuth and what integrating it  
> into an app entails.  Is it too much of a simplification in saying  
> that it is a third-party webservice that you need to stub out the  
> Net::HTTP requests for?  If not, then this post may give you some  
> ideas:
> http://technicalpickles.com/posts/stop-net-http-dead-in-its-tracks-with-fakeweb
> Sorry if this wasn't too much help.. I guess I don't understand what  
> sort of "bridge from Net::HTTP objects to the ones used by Rails'  
> Test::IntegrationSession" really means.

Yeah I know that was pretty rambling. Let me have another go at  
explaining what I'm trying to do, for the benefit of anyone else who  
might be wondering what I'm on about.

Real world:

     API Client -> OAuth Gem -> Net::HTTP -> (The Internet) -> My  
Rails App

So in order to acceptance-test my Rails app's OAuth features, I need  
to make requests that look a lot like the ones made by the OAuth gem  
when the API client asks it to call my Rails app and authenticate  

So it's not so much that Net::HTTP is a dependency I want to stub out,  
as it's a test-driver I want to leverage. I had figured I might be  
able to do something like this:

     Cucumber Steps -> OAuth Gem -> Patched Net::HTTP ->  
Test::IntegrationSession -> My Rails App

The 'bridge' I'm talking about is something that looks enough like  
Net::HTTP for the OAuth gem to be happy to talk to it, but that will  
actually pass on it's calls to the Rails Test::IntegrationSession  
get / post methods, and pass back the response.

Does that make any more sense?

Matt Wynne

More information about the rspec-users mailing list