Sunday, May 06, 2007

06/05/07 - Saturday

I wrote yesterday that I was trying to simulate the OpenID website talking in my integration tests. This evening I sat down and attempted to do it better as I wasn't happy with the tests still doing some OpenID related work. I'm pleased to say that I actually got it working. I had tried this approach before but it didn't actually work, but that was because I was doing it in the wrong place. I stuck this in my test_helper.rb file:

require 'session_controller'

class SessionController
  def create
    redirect_to home_path
  end

  def complete
    @user = User.get($mockuser.openid_url)

    if @user.nil?
      @user = User.new(:email => $mockuser.email,
        :nickname => $mockuser.nickname,
        :gender => $mockuser.gender)
      @user.openid_url = $mockuser.openid_url
      @user.save
      session[:return_to] = edit_user_path
    end

    @user.last_login = Time.now
    @user.save

    session[:user_id] = @user.id

    redirect_back_or_default(dashboard_path)
  end
end

What this does is reopens the SessionController class (the controller that handles the login) and overrides the two methods create and complete so that they run different code to the original methods in the SessionController class.

The create method just performs a redirect as the OpenID code would redirect the user to the OpenID website at this point. The complete method is a bit more complicated as it first checks if the user exists, if not then it creates a new user object, saves it, then stores the users profile page, after that it updates the last login time, saves the user to update it, stores the users id, and finally performs the redirect.

To glue all this together I just have to set $mockuser from within my actual test. For example
def login
  $mockuser = user
  get 'login'
  assert_response :success

  post 'session', :openid_url => user.openid_url
  assert_response :redirect

  get 'session/complete'
  assert_response :redirect
  assert_redirected_to dashboard_path
  assert_equal user.id, session[:user_id]
end

which logs in an existing user (I have a different method for logging in a new user as I haven't attempted to combine the methods yet - although I just thought of a good way of doing it!).

This makes all the tests pass plus it doesn't involve any OpenID related code. You might say "well, your tests always assume that the user can login! you don't test for invalid users trying to login". My reply to that is that the OpenID website handles all the checking to see if you are who you say you are. If you are you then the OpenID website redirects back to my website telling me this. If you are not who you say you are then the OpenID website redirects back to my website and tells me that also. Users are only logged in (and created if they're a new user) if the OpenID website tells me that you're real. If it says otherwise then you're redirected back to the login page which displays an appropiate message. I trust that the OpenID code works fine in that regard and that it would never lie about a user being real when they're not, so that's why I'm not too bothered about it.

Posted by Spidah at 12:09 AM

Labels: , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)