Testing with Kelp::Test

[mla]

I need to test making a request for a restricted resource, both as an authenticated and unauthenticated user.

I have a method on my request object that allows me to set the current user.

e.g., $app->req->set_user($user)

It depends on the Session middleware having been loaded.

First I test the unauthenticated case:

  my $t = Kelp::Test->new(app => MyApp->new);

  $t->request(GET $url)->code_is(302);

No problem. The user is redirected to the signin/registration page as expected.

But now how would I set the user as part of a request?

Should I be doing these tests at a different level (e.g., with WWW::Mech or something where I perform the actual login as part of the test)?

I was thinking an advantage of this level is direct access to the $app, but I don't see much to hook onto.

Suggestions?

Thanks

[mla]

Was able to get it working this way, by subclassing MyApp and overriding the request()

method. 

BEGIN {

  package MyApp::Test::Authenticated;

  use parent qw/ MyApp /;

  sub request {

    my ($self, $env) = @_;

    my $req = MyApp::Kelp::Request->new(app => $self, env => $env);

    $req->set_user(user_id => 1);

    return $req;

  }

}

my $t = Kelp::Test->new(app => MyApp::Test::Authenticated->new);

$t->request(GET $url)->code_is(200);

[Stefan Geneshky]

I've actually done some work on this for a project. I've added cookie handling in Kelp::Test. If your authentication is based on cookies, this should work well for you.

I contemplated using Test::WWW::Mechanize for this, but its interface is too old and it doesn't provide the necessary tools to test a contemporary AJAX based web application.

I'll be adding a cookie jar to Kelp::Test in the next day or so and I'll have a new release on CPAN.

I hope that helps.

Stefan

[mla]

On Monday, April 14, 2014 12:58:27 PM UTC-7, Stefan Geneshky wrote:

I've actually done some work on this for a project. I've added cookie handling in Kelp::Test. If your authentication is based on cookies, this should work well for you.

I contemplated using Test::WWW::Mechanize for this, but its interface is too old and it doesn't provide the necessary tools to test a contemporary AJAX based web application.

I'll be adding a cookie jar to Kelp::Test in the next day or so and I'll have a new release on CPAN.

I hope that helps.

Cool. Yes, sounds useful.

I did a bit more work on getting direct access to the internals.

I created a subclass of Kelp::Test for this purpose and overrode the request() method to accept a callback as an optional third parameter:

sub request {

  my $self = shift;

  my $req = shift;

  my $callback = shift;

  my $wrapper = wrap 'Kelp::res', post => $callback if $callback;

  $self->SUPER::request($req);

} 

It's using Hook::LexWrap to execute the callback after the res() object is assigned but before the request is actually handled.

My test code can then say:

my $t = MyApp::Test->new(app => MyApp->new);

$t->request(GET('/restricted'), sub { $_[0]->req->set_user(1) })->code_is(200);

Thoughts?

We could allow named callbacks to intercept the request at different stages. I hooked onto the req() call just because it's the last call before the routing begins, but that's a bit fragile I suppose. And the third parameter requires the HTTP::Request::Common call to be quoted, which is ugly.

Think this makes sense to fold into Kelp::Test directly?

Maurice

[Stefan Geneshky]

Maurice,

Take a look at the last commit in the master branch in Github. I added a cookie jar and cookie handling in Kelp::Test. This should solve 99% of the use cases when it comes to authentication.

Regarding your proposal to add a callback to "request" - I am a big fan of callbacks. I am, however, not a big fan of adding exotic dependencies. Let me play with the above code a while longer and see what can be done.

Regards,

Stefan

[mla]

On Wednesday, April 16, 2014 10:09:12 PM UTC-7, Stefan Geneshky wrote:

Maurice,

Take a look at the last commit in the master branch in Github. I added a cookie jar and cookie handling in Kelp::Test. This should solve 99% of the use cases when it comes to authentication.

Regarding your proposal to add a callback to "request" - I am a big fan of callbacks. I am, however, not a big fan of adding exotic dependencies. Let me play with the above code a while longer and see what can be done.

Thanks, I'll check it out.

I'm hesitant to add unnecessary dependencies too. I thought you'd be loathe to add explicit instrumentation to the baseline code since I know you're keen on maximizing default performance. And Hook::LexWrap is by Damian Conway so I thought it had a good pedigree. Seemed like an okay compromise, but yeah, no problem if you prefer not to integrate it. I appreciate your thoughts on it, regardless.

Maurice