[almighty] Approach for writing unit tests for Github OAuth2.0 auth

Todd Mancini tmancini at redhat.com
Thu Oct 13 11:54:50 UTC 2016 

I agree. I'd go one step further -- a mock should be able to produce the
same kinds of errors as the real object, and there should be unit tests for
those conditions so we know we handle failures gracefully.

Sent from my phone, so anticipate hilarious autocorrects
------------------------------
From: Thomas Mäder <tmader at redhat.com>
Sent: ‎10/‎13/‎2016 4:00 AM
To: Shoubhik Bose <shbose at redhat.com>; ALMighty-public
<almighty-public at redhat.com>
Subject: Re: [almighty] Approach for writing unit tests for Github OAuth2.0
auth

Hi Shoubhik,

I think both kinds of test have their place. If we want to verify that our
code does what we want it to do (tests as specification), it makes a lot of
sense to test very specific interactions. Since OAuth is basically a
sequence of requests to our server, there really isn't a need to "mock"
anything: it's just a sequence of http requests where we need to check the
proper responses. I would want this test to work without needing anything
outside my local machine, so that I can work when I'm offline.

However, in the wild, many things may go wrong: it might be as stupid as a
corporate firewall filtering out some headers from requests. Also, our test
might not accurately represent the behaviour of Github OAuth in every
detail. Having that safety net seems valuable to me. It may be hard to
cover every use case in these tests. We may want to start with covering 1-2
basic flows and add more as regression tests as we go along.

What I think is important for productivity is that I can run all the local
tests while I am developing in a simple way.

just my 0.02€

/Thomas


On 10/12/2016 05:55 PM, Shoubhik Bose wrote:

Hi folks,

This is an extension to a discussion we were having about what would be the
apt approach to write tests for Github authentication on the alm core (
backend ).

We've written a bunch of tests which checks if our code does the Github
OAuth flow correctly.

However the alternate school of thought is:

Should we have a 'mock' Github OAuth provider to also test our code, since
conventionally tests should not be depending on external systems.

On the flip-side, if test failures are not caught with a real Github OAuth
provider we might ending up chasing bugs in production.

Let me know your thoughts.


-
Shoubhik


_______________________________________________
almighty-public mailing
listalmighty-public at redhat.comhttps://www.redhat.com/mailman/listinfo/almighty-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/almighty-public/attachments/20161013/0a08fb5f/attachment.htm>
-------------- next part --------------
_______________________________________________
almighty-public mailing list
almighty-public at redhat.com
https://www.redhat.com/mailman/listinfo/almighty-public

More information about the almighty-public mailing list