Module: Fluence::Gateway::Auth::TestHelpers

Defined in:
lib/fluence/gateway/auth/test_helpers.rb

Overview

Test-only helpers for application specs that need to exercise controllers and channels behind the gateway middleware without signing every request.

Loading this file has a global side effect: it flips Configuration#skip_middleware to true for the whole process, so Middleware stops verifying HMAC signatures. Require it only from a test boot file (typically spec/rails_helper.rb or test/test_helper.rb) — never from production code.

Once loaded, include the module in your example groups to get:

  • #sign_in_as — remember a user for the rest of the example.
  • #gateway_headers_for — build the headers the gateway would inject for that user, ready to hand to a Rack request helper.
  • #sign_in_as_service — remember a client_credentials client_id for the rest of the example.
  • #gateway_service_headers — build the headers for a service call (X-Client-Id and the authenticated marker, no user identity).
  • #anonymous_gateway_headers — build the headers for an anonymous request (empty identity, X-Gateway-Auth: anonymous).

Examples:

RSpec setup

# spec/rails_helper.rb
require 'fluence/gateway/auth/test_helpers'

RSpec.configure do |config|
  config.include Fluence::Gateway::Auth::TestHelpers, type: :request
end

Using the helpers in a request spec

RSpec.describe 'Projects API', type: :request do
  let(:admin) { AdminUser.create!(email: 'a@b.c', gateway_subject: 'sub-1') }

  it 'lists projects' do
    (admin)
    get '/projects', headers: gateway_headers_for
    expect(response).to have_http_status(:ok)
  end
end

Instance Method Summary collapse

Instance Method Details

#anonymous_gateway_headersHash{String => String}

Builds the headers the Fluence Gateway emits for an anonymous request (no credential presented): empty identity plus the informational X-Gateway-Auth marker.

Returns:

  • (Hash{String => String})

    anonymous gateway headers.

#gateway_headers_for(user = @gateway_test_user, client_id: 'test-client') ⇒ Hash{String => String}

Builds the headers the Fluence Gateway would inject for the given user. Returns an empty hash when no user is available, so the call is safe in unauthenticated examples.

Only the headers backed by a responding method are emitted: email, first_name, last_name and scopes are all optional.

Parameters:

  • user (Object, nil) (defaults to: @gateway_test_user)

    explicit user; defaults to the one set by #sign_in_as.

  • client_id (String) (defaults to: 'test-client')

    value placed in X-Client-Id.

Returns:

  • (Hash{String => String})

    headers suitable for a Rack request helper. Empty when no user is signed in.

#gateway_service_headers(client_id: @gateway_test_service_client_id || 'test-client') ⇒ Hash{String => String}

Builds the headers the Fluence Gateway would inject for a client_credentials (service-to-service) request: only X-Client-Id, with no user identity.

Parameters:

  • client_id (String) (defaults to: @gateway_test_service_client_id || 'test-client')

    explicit client_id; defaults to the one set by #sign_in_as_service, or 'test-client'.

Returns:

  • (Hash{String => String})

    X-Client-Id plus the X-Gateway-Auth: authenticated marker, with no user identity.

#sign_in_as(user) ⇒ Object

Remembers a user for subsequent calls to #gateway_headers_for that omit the user argument.

Parameters:

  • user (Object)

    any object responding to the configured Configuration#subject_column (and optionally email, first_name, last_name, scopes).

Returns:

  • (Object)

    the same user, for chaining.

#sign_in_as_service(client_id: 'test-client') ⇒ String

Remembers a client_credentials client_id for subsequent calls to #gateway_service_headers that omit the client_id argument. Counterpart of #sign_in_as for service-to-service requests.

Parameters:

  • client_id (String) (defaults to: 'test-client')

    value stored for later.

Returns:

  • (String)

    the same client_id, for chaining.