oauth cleanup: test fakes and generic provider

2016-09-17 21:53:41 -05:00 · 2016-09-17 21:53:41 -05:00 · b9177bb55d
commit b9177bb55d
parent 5dc60e0b41
10 changed files with 96 additions and 23 deletions
--- a/4
+++ b/4
@ -22,6 +22,10 @@ group :development do
  gem 'web-console'
 end

+group :test do
+  gem 'webmock'
+end
+
 group :development, :test do
  gem 'awesome_print'
  gem 'binding_of_caller'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -38,8 +38,9 @@ GEM
      i18n (~> 0.7)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
+    addressable (2.4.0)
    ansi (1.5.0)
-    arel (7.1.1)
+    arel (7.1.2)
    ast (2.3.0)
    awesome_print (1.7.0)
    bcrypt (3.1.11)
@ -49,6 +50,8 @@ GEM
    byebug (9.0.5)
    coderay (1.1.1)
    concurrent-ruby (1.0.2)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
    debug_inspector (0.0.2)
    docile (1.1.5)
    em-websocket (0.5.1)
@ -62,7 +65,7 @@ GEM
    ffi (1.9.14)
    figaro (1.1.1)
      thor (~> 0.14)
-    font-awesome-rails (4.6.3.0)
+    font-awesome-rails (4.6.3.1)
      railties (>= 3.2, < 5.1)
    formatador (0.2.5)
    globalid (0.3.7)
@ -91,6 +94,7 @@ GEM
    guard-shell (0.7.1)
      guard (>= 2.0.0)
      guard-compat (~> 1.0)
+    hashdiff (0.3.0)
    http_parser.rb (0.6.0)
    i18n (0.7.0)
    jbuilder (2.6.0)
@ -101,7 +105,7 @@ GEM
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    json (2.0.2)
-    jwt (1.5.1)
+    jwt (1.5.5)
    listen (3.1.5)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
@ -196,6 +200,7 @@ GEM
      unicode-display_width (~> 1.0, >= 1.0.1)
    ruby-progressbar (1.8.1)
    ruby_dep (1.4.0)
+    safe_yaml (1.0.4)
    sass (3.4.22)
    sass-rails (5.0.6)
      railties (>= 4.0.0, < 6)
@ -218,7 +223,7 @@ GEM
    sprockets (3.7.0)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (3.1.1)
+    sprockets-rails (3.2.0)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
@ -232,12 +237,16 @@ GEM
      thread_safe (~> 0.1)
    uglifier (3.0.2)
      execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.1.0)
+    unicode-display_width (1.1.1)
    web-console (3.3.1)
      actionview (>= 5.0)
      activemodel (>= 5.0)
      debug_inspector
      railties (>= 5.0)
+    webmock (2.1.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
    websocket-driver (0.6.4)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.2)
@ -279,6 +288,7 @@ DEPENDENCIES
  turbolinks (~> 5)
  uglifier (>= 1.3.0)
  web-console
+  webmock

 BUNDLED WITH
   1.13.0
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@ -10,11 +10,11 @@ class AuthController < ApplicationController
  end

  def auth
-    redirect_to client.auth_code.authorize_url(redirect_uri: ENV['gitlab_callback'])
+    redirect_to client.auth_code.authorize_url(redirect_uri: ENV['callback_url'])
  end

  def callback
-    access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['gitlab_callback'])
+    access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['callback_url'])
    session[:token] = access_token.token
    user_info(access_token)

@ -24,7 +24,7 @@ class AuthController < ApplicationController
  private

    def user_info access_token
-      @user_info ||= JSON.parse(access_token.get(ENV['gitlab_oauth'] + '/api/v3/user').body)
+      @user_info ||= JSON.parse(access_token.get(ENV['oauth_path'] + '/api/v3/user').body)
      session[:name] = @user_info['name']
      session[:avatar] = @user_info['avatar_url']
      session[:admin] = @user_info['is_admin']
@ -32,9 +32,9 @@ class AuthController < ApplicationController

    def client
      OAuth2::Client.new(
-        ENV['gitlab_client'],
-        ENV['gitlab_secret'],
-        site: ENV['gitlab_oauth']
+        ENV['client_key'],
+        ENV['secret_key'],
+        site: ENV['oauth_path']
      )
    end
 end
--- a/app/views/auth/login.erb
+++ b/app/views/auth/login.erb
@ -1 +1 @@
-<%= link_to "Authenticate with gitlab", auth_path %>
+<%= link_to "Authenticate with #{ENV['oauth_provider']}", auth_path %>
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@ -5,10 +5,11 @@ defaults: &defaults
  mysql_usr: "user"
  mysql_pwd: "password"
  full_app_url: "localhost:3000"
-  gitlab_oauth: provider-url
-  gitlab_client: client-id
-  gitlab_secret: client-secret
-  gitlab_callback: local-callback
+  oauth_provider: Provider-HumanName
+  oauth_path: provider-url
+  client_key: client-id
+  secret_key: client-secret
+  callback_url: local-callback

 development:
  <<: *defaults
--- a/test/controllers/accounts_controller_test.rb
+++ b/test/controllers/accounts_controller_test.rb
@ -1,15 +1,16 @@
 require 'test_helper'

 class AccountsControllerTest < ActionDispatch::IntegrationTest
+  include TestAuthHelper
+
  setup do
+    get auth_path
    @account = accounts(:account1)
-    # get login_path
-    # session[:token] = 'fake-oauth-token'
-    # session[:name] = "Fake User"
  end

  test "should get index" do
    get accounts_url
+
    assert_response :success
  end

--- a/test/controllers/auth_controller_test.rb
+++ b/test/controllers/auth_controller_test.rb
@ -1,8 +1,28 @@
 require 'test_helper'

 class AuthControllerTest < ActionDispatch::IntegrationTest
-  # test "should get auth" do
-  #   get auth_url
-  #   assert_response :redirect
-  # end
+  include TestAuthHelper
+
+  test "should get auth" do
+    # This is not a real test of AuthController!
+    # We are really testing that the monkey path is correct
+    #
+    # This simply tests to make sure the test suite is
+    # properly monkey patching the oAuth network call and
+    # faking the needed session variables.
+    #
+    # If you want to really test the oAuth flow you will need to
+    # hit the real services, or stand up a proper fake service.
+    get auth_path
+    assert_redirected_to accounts_path
+  end
+
+  test "should verify callbacks result" do
+    # If AuthController#callback ever changes final
+    # redirection, the patched version should also
+    # be updated in (lin e10) of
+    # test/test_helpers/test_auth_helper.rb
+
+    assert_equal "redirect_to accounts_path", last_line_in_callback
+  end
 end
--- a/test/fixtures/files/.keep
+++ b/test/fixtures/files/.keep
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@ -11,8 +11,11 @@ require File.expand_path('../../config/environment', __FILE__)
 require 'rails/test_help'
 require "minitest/autorun"
 require 'minitest/reporters'
+require 'webmock/minitest'
 Dir[Rails.root.join("test/test_helpers/**/*.rb")].each { |f| require f }

+WebMock.disable_net_connect!(allow_localhost: true)
+
 Minitest::Reporters.use! [Minitest::Reporters::DefaultReporter.new(color: true)]

 class ActiveSupport::TestCase
--- a/test/test_helpers/test_auth_helper.rb
+++ b/test/test_helpers/test_auth_helper.rb
@ -0,0 +1,34 @@
+module TestAuthHelper
+  ## Monkey patch AuthController, because...auth.
+  AuthController.class_eval do
+    alias_method :org_callback, :callback
+
+    def callback
+      session[:token] = "fake-auth-token-thing"
+      session[:name] = "Fake Name"
+
+      redirect_to accounts_path
+    end
+
+    alias_method :auth, :callback
+  end
+
+  def auth_user
+    get '/auth/callback'
+  end
+
+  def last_line_in_callback
+    path, line_no = AuthController.instance_method(:org_callback).source_location
+
+    file = File.open(path)
+    line_no.times { file.readline }
+    tmp_line = nil
+    until tmp_line == 'end'
+      last_line = tmp_line
+      tmp_line = file.readline.strip
+    end
+    file.close
+
+    last_line
+  end
+end