From b9177bb55d845fc8130d7d59326d1575be265937 Mon Sep 17 00:00:00 2001 From: Mark Moser Date: Sat, 17 Sep 2016 21:53:41 -0500 Subject: [PATCH] oauth cleanup: test fakes and generic provider --- Gemfile | 4 +++ Gemfile.lock | 20 +++++++++--- app/controllers/auth_controller.rb | 12 +++---- app/views/auth/login.erb | 2 +- config/application.yml.sample | 9 +++--- test/controllers/accounts_controller_test.rb | 7 ++-- test/controllers/auth_controller_test.rb | 28 +++++++++++++--- test/fixtures/files/.keep | 0 test/test_helper.rb | 3 ++ test/test_helpers/test_auth_helper.rb | 34 ++++++++++++++++++++ 10 files changed, 96 insertions(+), 23 deletions(-) delete mode 100644 test/fixtures/files/.keep create mode 100644 test/test_helpers/test_auth_helper.rb diff --git a/Gemfile b/Gemfile index de1ffcf..2a3d6b1 100644 --- a/Gemfile +++ b/Gemfile @@ -22,6 +22,10 @@ group :development do gem 'web-console' end +group :test do + gem 'webmock' +end + group :development, :test do gem 'awesome_print' gem 'binding_of_caller' diff --git a/Gemfile.lock b/Gemfile.lock index 59ee7eb..d5abb39 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -38,8 +38,9 @@ GEM i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) + addressable (2.4.0) ansi (1.5.0) - arel (7.1.1) + arel (7.1.2) ast (2.3.0) awesome_print (1.7.0) bcrypt (3.1.11) @@ -49,6 +50,8 @@ GEM byebug (9.0.5) coderay (1.1.1) concurrent-ruby (1.0.2) + crack (0.4.3) + safe_yaml (~> 1.0.0) debug_inspector (0.0.2) docile (1.1.5) em-websocket (0.5.1) @@ -62,7 +65,7 @@ GEM ffi (1.9.14) figaro (1.1.1) thor (~> 0.14) - font-awesome-rails (4.6.3.0) + font-awesome-rails (4.6.3.1) railties (>= 3.2, < 5.1) formatador (0.2.5) globalid (0.3.7) @@ -91,6 +94,7 @@ GEM guard-shell (0.7.1) guard (>= 2.0.0) guard-compat (~> 1.0) + hashdiff (0.3.0) http_parser.rb (0.6.0) i18n (0.7.0) jbuilder (2.6.0) 
@@ -101,7 +105,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.0.2) - jwt (1.5.1) + jwt (1.5.5) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) @@ -196,6 +200,7 @@ GEM unicode-display_width (~> 1.0, >= 1.0.1) ruby-progressbar (1.8.1) ruby_dep (1.4.0) + safe_yaml (1.0.4) sass (3.4.22) sass-rails (5.0.6) railties (>= 4.0.0, < 6) @@ -218,7 +223,7 @@ GEM sprockets (3.7.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.1.1) + sprockets-rails (3.2.0) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -232,12 +237,16 @@ GEM thread_safe (~> 0.1) uglifier (3.0.2) execjs (>= 0.3.0, < 3) - unicode-display_width (1.1.0) + unicode-display_width (1.1.1) web-console (3.3.1) actionview (>= 5.0) activemodel (>= 5.0) debug_inspector railties (>= 5.0) + webmock (2.1.0) + addressable (>= 2.3.6) + crack (>= 0.3.2) + hashdiff websocket-driver (0.6.4) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) @@ -279,6 +288,7 @@ DEPENDENCIES turbolinks (~> 5) uglifier (>= 1.3.0) web-console + webmock BUNDLED WITH 1.13.0 diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb index ee7b2f4..277b0ff 100644 --- a/app/controllers/auth_controller.rb +++ b/app/controllers/auth_controller.rb @@ -10,11 +10,11 @@ class AuthController < ApplicationController end def auth - redirect_to client.auth_code.authorize_url(redirect_uri: ENV['gitlab_callback']) + redirect_to client.auth_code.authorize_url(redirect_uri: ENV['callback_url']) end def callback - access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['gitlab_callback']) + access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['callback_url']) session[:token] = access_token.token user_info(access_token) 
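Review bot: Neither `auth` nor `callback` in the app/controllers/auth_controller.rb hunk uses an OAuth `state` value. `authorize_url` is called with only `redirect_uri`, and `callback` exchanges whatever `params[:code]` arrives, so a callback request the user's browser never started is accepted and the session is signed in under the code it carries. Generating a random value in `auth`, keeping it in the session, and rejecting the callback when `params[:state]` does not match closes that gap. `callback` continues past the end of this hunk, so the sketch below leaves it open.

```ruby
def auth
  session[:oauth_state] = SecureRandom.hex(32)
  redirect_to client.auth_code.authorize_url(
    redirect_uri: ENV['callback_url'],
    state: session[:oauth_state]
  )
end

def callback
  expected_state = session.delete(:oauth_state)
  unless expected_state && ActiveSupport::SecurityUtils.secure_compare(expected_state, params[:state].to_s)
    return head :forbidden
  end
  # … unchanged: get_token call, session[:token], user_info(access_token) …
```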
@@ -24,7 +24,7 @@ class AuthController < ApplicationController private def user_info access_token - @user_info ||= JSON.parse(access_token.get(ENV['gitlab_oauth'] + '/api/v3/user').body) + @user_info ||= JSON.parse(access_token.get(ENV['oauth_path'] + '/api/v3/user').body) session[:name] = @user_info['name'] session[:avatar] = @user_info['avatar_url'] session[:admin] = @user_info['is_admin'] @@ -32,9 +32,9 @@ class AuthController < ApplicationController def client OAuth2::Client.new( - ENV['gitlab_client'], - ENV['gitlab_secret'], - site: ENV['gitlab_oauth'] + ENV['client_key'], + ENV['secret_key'], + site: ENV['oauth_path'] ) end end diff --git a/app/views/auth/login.erb b/app/views/auth/login.erb index 2d1d14c..47c679d 100644 --- a/app/views/auth/login.erb +++ b/app/views/auth/login.erb @@ -1 +1 @@ -<%= link_to "Authenticate with gitlab", auth_path %> +<%= link_to "Authenticate with #{ENV['oauth_provider']}", auth_path %> diff --git a/config/application.yml.sample b/config/application.yml.sample index fd0b986..8612fb5 100644 --- a/config/application.yml.sample +++ b/config/application.yml.sample @@ -5,10 +5,11 @@ defaults: &defaults mysql_usr: "user" mysql_pwd: "password" full_app_url: "localhost:3000" - gitlab_oauth: provider-url - gitlab_client: client-id - gitlab_secret: client-secret - gitlab_callback: local-callback + oauth_provider: Provider-HumanName + oauth_path: provider-url + client_key: client-id + secret_key: client-secret + callback_url: local-callback development: <<: *defaults diff --git a/test/controllers/accounts_controller_test.rb b/test/controllers/accounts_controller_test.rb index 2b6d658..05f8f8e 100644 --- a/test/controllers/accounts_controller_test.rb +++ b/test/controllers/accounts_controller_test.rb 
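Review bot: `user_info` still hard-codes GitLab's `/api/v3/user` path and reads `is_admin` from the response, even though this commit renames the settings to a generic provider. `session[:admin]` therefore becomes whatever the configured service returns under that key, including a non-boolean truthy value. I would store a strict boolean, `session[:admin] = @user_info['is_admin'] == true`, and add a comment above the method such as `# Expects a GitLab v3 user payload; is_admin is GitLab's instance-admin flag`. The method's closing `end` lies outside the hunk.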
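Review bot: The renamed keys in `client` are read with `ENV[...]`, so a deployment whose application.yml still uses the old `gitlab_*` names gets `nil` for all three arguments with no error at this point. The same applies to `ENV['callback_url']` in `auth`/`callback`, to `ENV['oauth_path'] + '/api/v3/user'` in `user_info` (which would raise `NoMethodError` on `nil`), and to `ENV['oauth_provider']` in login.erb. Using `ENV.fetch('client_key')`, `ENV.fetch('secret_key')` and `site: ENV.fetch('oauth_path')` makes a missing setting fail with the key name instead. `secret_key` and `client_key` are also very generic names for process-wide environment variables; a prefix such as `oauth_` would match the other two new keys.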
@@ -1,15 +1,16 @@ require 'test_helper' class AccountsControllerTest < ActionDispatch::IntegrationTest + include TestAuthHelper + setup do + get auth_path @account = accounts(:account1) - # get login_path - # session[:token] = 'fake-oauth-token' - # session[:name] = "Fake User" end test "should get index" do get accounts_url + assert_response :success end diff --git a/test/controllers/auth_controller_test.rb b/test/controllers/auth_controller_test.rb index 928f072..2a7d2ec 100644 --- a/test/controllers/auth_controller_test.rb +++ b/test/controllers/auth_controller_test.rb @@ -1,8 +1,28 @@ require 'test_helper' class AuthControllerTest < ActionDispatch::IntegrationTest - # test "should get auth" do - # get auth_url - # assert_response :redirect - # end + include TestAuthHelper + + test "should get auth" do + # This is not a real test of AuthController! + # We are really testing that the monkey path is correct + # + # This simply tests to make sure the test suite is + # properly monkey patching the oAuth network call and + # faking the needed session variables. + # + # If you want to really test the oAuth flow you will need to + # hit the real services, or stand up a proper fake service. + get auth_path + assert_redirected_to accounts_path + end + + test "should verify callbacks result" do + # If AuthController#callback ever changes final + # redirection, the patched version should also + # be updated in (lin e10) of + # test/test_helpers/test_auth_helper.rb + + assert_equal "redirect_to accounts_path", last_line_in_callback + end end diff --git a/test/fixtures/files/.keep b/test/fixtures/files/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/test/test_helper.rb b/test/test_helper.rb index 97952b5..4d806cc 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
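Review bot: In test/controllers/auth_controller_test.rb, `should verify callbacks result` compares a line of source text (`"redirect_to accounts_path"`) rather than behaviour, and `should get auth` runs the patched action. After this change no test executes the real `AuthController#callback`, so the code exchange, `user_info` and the `session[:admin]` assignment are uncovered. Since the commit adds WebMock, the provider's token and user endpoints could be stubbed with `stub_request` and the real action driven with `get '/auth/callback', params: { code: 'test-code' }`, asserting on the redirect. The comment block also has two typos worth fixing: `monkey path` should be `monkey patch` and `lin e10` should be `line 10`.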
@@ -11,8 +11,11 @@ require File.expand_path('../../config/environment', __FILE__) require 'rails/test_help' require "minitest/autorun" require 'minitest/reporters' +require 'webmock/minitest' Dir[Rails.root.join("test/test_helpers/**/*.rb")].each { |f| require f } +WebMock.disable_net_connect!(allow_localhost: true) + Minitest::Reporters.use! [Minitest::Reporters::DefaultReporter.new(color: true)] class ActiveSupport::TestCase diff --git a/test/test_helpers/test_auth_helper.rb b/test/test_helpers/test_auth_helper.rb new file mode 100644 index 0000000..d13d40e --- /dev/null +++ b/test/test_helpers/test_auth_helper.rb @@ -0,0 +1,34 @@ +module TestAuthHelper + ## Monkey patch AuthController, because...auth. + AuthController.class_eval do + alias_method :org_callback, :callback + + def callback + session[:token] = "fake-auth-token-thing" + session[:name] = "Fake Name" + + redirect_to accounts_path + end + + alias_method :auth, :callback + end + + def auth_user + get '/auth/callback' + end + + def last_line_in_callback + path, line_no = AuthController.instance_method(:org_callback).source_location + + file = File.open(path) + line_no.times { file.readline } + tmp_line = nil + until tmp_line == 'end' + last_line = tmp_line + tmp_line = file.readline.strip + end + file.close + + last_line + end +end
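Review bot: In test/test_helpers/test_auth_helper.rb, `last_line_in_callback` opens the controller source with `File.open` and closes it only on the success path. If no bare `end` line is found, `readline` raises `EOFError` and the handle is left open. `File.foreach(path).drop(line_no).map(&:strip).take_while { |line| line != 'end' }.last` reads the same line without a manual close, though it returns the last line instead of raising when no `end` is found. Separately, the `AuthController.class_eval` block runs when the file is required, not when the module is included, so the fake `callback` and `auth` replace the real actions for every test in the process. A comment saying so, plus a guard such as `raise 'test-only patch' unless Rails.env.test?` above it, would keep this login bypass from being loaded anywhere else.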