Improve our approach for testing auth (part 2) - basicAuth #9983
Conversation
Change auth tests to include all shields of the base class. The code is formated to be used in more general cases and increases code reuseability.
We already test all existing classes, no need for a dummy
Add getBadgeExampleCall to extract the first OpenAPI example then reformat it for service invoke function.
Add the testAuth function which tests auth of a service (badge) using a provided dummy response.
Add all auth methods used to testAuth to be generic and used by all services. Add helper functions to make testAuth more readable
Use apiHeaderKey & bearerHeaderKey as function params rather then extracting them with regex from function strings. Those options are now part of an options object param joined with the contentType that replaces header. header was originaly added for setting content type of the reply, so it makes more sense to directly set the content type
Before this commit the QueryStringAuth would only work for the key of stackexchange. This commit makes the testAuth function generic and allows passing user and pass keys.
Might set wrong header for jwt login request. This commit fixes that.
Some services might have more then one authOrigin. This commit makes sure we test for redundent authOrigins as well as support requests to them if needed.
Prior to this change, JwtAuth testing would lead to erros due to the absence of a specified login endpoint, Nock would be dumplicated for both login and non login hosts and indicate a missing request. This commit enforces the requirement for a new jwtLoginEndpoint argument when testing JwtAuth. The argument seperates the endpoint nock scope from the behavior of the request nock.
Enhance reliability by throwing a TypeError when a service key definition is missing. It's common for a key to be missing and might require the developer that writes tests to provide a fake on that fits the examples used. Key changes: - Added a check for missing service key definitions in getServiceClassAuthOrigin. - Throws a TypeError with a clear message if the key is not found. - Guides devs to use an override if needed which is often.
Addresses a scenario where generateFakeConfig/testAuth would fail for classes using auth.userKey without auth.passKey. Ensures proper handling of user-specific authentication even if a password key is not present. Throws a TypeError only when both fakeKey and fakeUser are missing. Better fit for AuthHelper behivor.
Added for services without openApi examples. Dev can use example override to add example inputs in those cases.
jNullj
force-pushed
the
feat/9493/improve-auth-testing
branch
from
c6079c5
to
8b8bf19
Compare
Some services might have more then one request to auth with the server for the same shield. This commit adds support for those requests in testAuth using the new multipleRequests option.
Missing return for async mocha tests caused the tests to run async and throw errors of one test in another. This commit makes sure all testAuth tests return a promise to mocha for it to await.
jNullj
force-pushed
the
feat/9493/improve-auth-testing
branch
from
6a74894
to
1b425aa
Compare
|
This PR is larger then i anticipated, next time i will break down to groups of 1-2 services. |
|
Yeah - this one looks like a bit of a beast. Just to set expectations, I'm going to be away on holiday all next week so I may not get to reviewing this for a while - we'll see how it goes. It is on my radar though. Thanks for your continued help with this project :) |
|
Hi. Sorry it has taken a while to get back to this. To start with, I've just been looking at the changes to Here's a question for you: I'm not sure I have all the answers, but if every service (or nearly every) service we want to test means we have to add some new optional param to the test helper function to test it, I think that is telling us that we're zeroing in on the wrong abstraction here. |
For scale, in this PR i updated tests of 8 services to use Some insight:
Should we focus on another iteration where we try to reduce some options i mentioned above or should we focus more on new ways to tackle the larger issue? Its hard to tell if we will see many more options used in the tests not yet converted or not before attempting to add those tests. |
|
OK. Thanks for summarising all of that.
|
The `ignoreOpenApiExample` option in the `testAuth` function is no longer needed and has been removed. This option was used to ignore OpenAPI examples for classes without OpenAPI, but it is no longer necessary as the function now handles this case correctly. BaseService defines by dafault empty object for openApi so if nothing is set we expect empty obj. Warn devs about missing openApi as openApi is standard for services now.
|
Sorry for the long time, I'm getting back to this PR. Will push a few more commits in the coming days, Will convert to draft while WIP. |
Improve authTest by handeling boolean example extractions. Remove example override not needed after this change.
The openApi example extraction function did not handle boolean like |
|
I can actually get rid of /*
JetBrains is a bit awkward. Sometimes we want to call an XML API
and sometimes we want to call a JSON API so we need a mongrel base class.
When the legacy IntelliJ (XML) API is retired we can simplify all this and
switch JetbrainsDownloads, JetbrainsRating and JetbrainsVersion to just
inherit from BaseJsonService directly.
*/Will add in the next commit edit: SymfonyInsightBase and Bountysource are unique and override the accepted content-type but it appears the we use the same content-type suffix and it fits the request - is that how it should work? |
…ion from testAuth Refactor the base service classes (BaseGraphqlService, BaseJsonService, BaseSvgScrapingService, BaseTomlService, BaseXmlService, BaseYamlService) to use static headers for access from other function to header types. Remove testAuth contentType option and use the new headers veriable to extract headers insted.
This option is removed
|
@chris48s can i split |
This PR is follow-up for #9681 and helps to reach the goal of #9493
This PR will include refactor of all basicAuth services:
Additional changes to authTest:
4d57607 - Add exampleOverride
f156762 - Add authOverride
cd6c65b - Add configOverrid
cf34fae - Split invoke params into path and query
a713669 - Improve error handling, Throw error when service auth key is missing
99a01e1 - Handle case of userKey without passKey
74554d7 - Add option to ignore openApi example in testAuth
8c38355 - Handle auth.defaultToEmptyStringForUser
57163eb - Add support for multiple requests in service