search

ueberauth / guardian

Elixir Authentication
MIT License
3.44k stars 381 forks source link

Allow quick sign in for acceptance tests #90

Closed aaronrenner closed 7 years ago

aaronrenner commented 8 years ago

When I'm working in Ruby, I really enjoy how Clearance's Backdoor Middleware allows me to skip the sign in process when writing browser-level acceptance tests. When in my test environment, I can append the as query string parameter when I make a request, and I'm automatically signed in as that user. (Here's how I'd make the request using Hound).

navigate_to "/?as=#{user.id}"

What would you think about guardian having a middleware that allows developers to be able to skip the sign in process during acceptance tests? To enable this, I was thinking they might add the following to their web/router.ex file.

pipeline :browser_session do
  if Mix.env == :test do
    plug Guardian.Plug.Backdoor
  end

  plug Guardian.Plug.VerifySession
  plug Guardian.Plug.LoadResource
end

I'd be happy to work on this and I'm still thinking over the implementation details, but I wanted to run it by you before I start.

hassox commented 8 years ago

Putting the value into the session is a bit of a pain. A backdoor would be awesome :D

aaronrenner commented 8 years ago

I've got a proof of concept done for this and will be submitting a PR in the next couple of days.

hassox commented 8 years ago

cool

aphillipo commented 8 years ago

I'm looking for something like this too. Not sure of the correct way to do this without the Backdoor Middleware... What do people do in the mean time?

EDIT: https://github.com/ueberauth/guardian/issues/53

hassox commented 8 years ago

@aphillipo Down the bottom of http://blog.overstuffedgorilla.com/simple-guardian/ there's a way to work with session stored tokens. The backdoor middleware will make this dance much simpler.

jamesvl commented 8 years ago

The example in the blog mentioned above is what I was looking for - would you consider adding that snippet to the docs or readme file?

And although it's slower, I like that method better than the backdoor middleware which uses GET params to setup a fake user - for purposes of testing various routes, you are now no longer testing the exact route (since it has a query string), and there's a chance it conflicts with expected parameters (unlikely, but possible).

doomspork commented 8 years ago

@aaronrenner / @hassox — any updates on this functionality and PR #120?

scrogson commented 7 years ago

Tracking this in https://github.com/ueberauth/guardian/pull/354