What are good practices of unit testing Facebook Canvas applications?
Let's say you have an MVC application with controllers utilizing a local Facebook library which provides access to the Graph API, FB session. After all, your application depends on the Facebook authentication mechanism (OAuth and Facebook Connect), thus the user is required to authenticate before proceeding. How would you go about unit tests for controllers? One thing comes to my mind: having a Facebook library with a 'testing' mode and a fake session might do the job. Any ideas are appreciated.
When I had this problem, I just wrapped the Facebook library calls in an object (or a set of functions), and used a mock of that object in the unit tests.
Related
I'm quite new to Slim, but I want to give it a try. I have created an application which uses Twig for view rendering.
A user should authenticate against a database (via a login form) before accessing the administration. I created a login form, but now I'm stuck.
I found some libraries and middleware helping with basic HTTP authentication, but that is not quite what I want.
I could simply store a session var after checking the user's information with my database, but is this actually secure?
Some people are using authentication libraries, like Zend/Authentication or Session.
Also, there is the whole token-based authentication, but I don't know if I should use this when not creating a REST application.
I just want to understand what "secure" means in a Slim 3 application and how to handle a user login with all its aspects, to create a secure backend experience. Are there any libraries I should use to build a middleware around?
Thanks for clarification/help.
I've been building applications in Slim for a little over 1 year, and I went through the same problem at the beginning. My tip for you is: as Slim is meant to be a simple framework, it has nothing by default, so you need to build the security of your application.
I started by trying some authentication libs, but then started to build mine.
Basically, what I used:
First I used Basiauth, with CSRF
Then I set out to build OAuth 2 authentication, ensuring token access to resources, and access rules.
For this I used a very powerful library https://oauth2.thephpleague.com/
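The session-variable login the question above asks about, as an added example in plain PHP (not Slim code and not from either poster). The function names are hypothetical and the `$users` array is a constructed stand-in for the database lookup.

```php
<?php
declare(strict_types=1);
// Constructed user table standing in for the database lookup.
$users = ['admin' => password_hash('constructed-passphrase', PASSWORD_DEFAULT)];
// Verified for unknown names so both paths do comparable work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',  // withheld on cross-site POST requests
    ]);
    session_start();
}

function login(array $users, string $dummyHash, string $name, string $password): bool
{
    $known = isset($users[$name]);
    if (!password_verify($password, $known ? $users[$name] : $dummyHash) || !$known) {
        return false;
    }
    session_regenerate_id(true);  // fresh ID on login defeats session fixation
    $_SESSION['user'] = $name;    // store the identity, never the password
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // token for admin forms
    return true;
}

function isAuthenticated(): bool  // the check a route middleware would run
{
    return isset($_SESSION['user']);
}

startSecureSession();
$before = session_id();
$rejected = login($users, $dummyHash, 'admin', 'wrong');
$blocked = !isAuthenticated();
$accepted = login($users, $dummyHash, 'admin', 'constructed-passphrase');
if ($rejected || !$blocked || !$accepted || !isAuthenticated() || session_id() === $before) {
    throw new LogicException('login flow did not behave as expected');
}
echo "ok\n";
```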
I'm building a series of web applications to use in a small business. We will be using laravel framework to build these applications. The first app will manage users, authentication and authorization for all future applications.
I have 2 doubts:
Is there some best practice / model for this auth integration? How can I tell app B that the user is authenticated and has access to it? I want to build different Laravel apps in order to make it easier to maintain, but (at least for now) they'll run on the same server.
Is it possible to make this integration with another php, non-laravel app? I have one legacy webapp, I'm trying to write the session data that authenticates it inside my laravel code and redirecting the user to the app, but the session data apparently isn't "persisting".
Thanks in advance.
It sounds like you are building a microservice architecture. If you follow this methodology, there is no reason your apps or services even have to be written in the same language, as long as they all interact using RESTful services.
More reading:
http://martinfowler.com/articles/microservices.html
I have written Integration tests for an application built in CodeIgniter 2.x. The tests are a Selenium + PhpUnit combination.
So far, I have used test accounts of Stripe and Amazon within the application, and obviously the tests use the same accounts. I was wondering how I would go about creating mock objects for these APIs so that I can avoid live data creation/deletion.
For Stripe, I could not find any mocking library for PHP. So stubbing the responses and requests does seem to be a good option. But again, even if I use stubs in my tests in place of real data, the application during that certain integration test will still need correct information for it to pass. How do I tell the application to use fake data?
Also, I would like to know if it is generally a good idea to mock objects in integration tests, i.e. within the context of web applications?
This is a tool that Stripe themselves have developed for mocking Stripe.
https://github.com/stripe/stripe-mock
It runs a server on your local machine that responds to API calls in a Stripe-like fashion. This would be something you could try for acceptance tests.
For PHP Unit tests, you'd be better using something like AspectMock - although config is a bit tricky. You can specify in advance what a call to a Stripe resource (e.g. \Stripe\Stripe::setApiKey, or \Stripe\Customer::retrieve) is supposed to return without hitting the Stripe servers - and you can also test whether or not your application code tried to make these calls. You can also simulate failures to test that your application behaves properly if, say, Stripe is down.
I'm writing function unit tests for a REST API built with Symfony2. Part of the REST API checks HTTP basic authentication against a third party web service.
This presents a bit of a challenge when it comes to unit testing as I can't create a temporary user for the third party web service.
I could hard code credentials in, but I was thinking of an alternative approach. Would it be bad practice to hard code in some logic that short-circuits the third party API call if the environment is test? Is there a better way to do something like this? I'm sure other applications face this problem.
The best practice is to:
Isolate the authentication against the 3rd party WS in a new class
Make a mock for that class for your tests
Use dependency injection so that for your unit test, you can use your mock
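The three steps above, which are also the wrap-and-mock approach from the Facebook answer at the top of the page, as an added example that is not from either answer. All class and method names are hypothetical, the accounts are constructed, and the real verifier that would call the third-party service is left out. The controller carries no test-environment branch, and a simulated outage is rejected rather than waved through.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; not Symfony or Facebook SDK code.
interface CredentialVerifier
{
    /** @throws RuntimeException when the third-party service is unreachable */
    public function verify(string $user, string $password): bool;
}

// Test double: no network and no real credentials.
final class FakeVerifier implements CredentialVerifier
{
    public function __construct(private array $accounts, private bool $down = false) {}
    public function verify(string $user, string $password): bool
    {
        if ($this->down) {
            throw new RuntimeException('auth service unavailable');
        }
        return isset($this->accounts[$user])
            && hash_equals($this->accounts[$user], $password);
    }
}

// The controller receives the verifier through its constructor.
final class ApiController
{
    public function __construct(private CredentialVerifier $verifier) {}

    /** Returns the HTTP status the endpoint would send. */
    public function handle(?string $user, ?string $password): int
    {
        if ($user === null || $password === null) {
            return 401; // no credentials supplied
        }
        try {
            return $this->verifier->verify($user, $password) ? 200 : 401;
        } catch (RuntimeException $e) {
            return 503; // fail closed: an outage never grants access
        }
    }
}

// Constructed test data; plain checks stand in for PHPUnit assertions.
$up = new ApiController(new FakeVerifier(['alice' => 'constructed-secret']));
$down = new ApiController(new FakeVerifier([], true));
$got = [$up->handle('alice', 'constructed-secret'), $up->handle('alice', 'wrong'),
        $up->handle(null, null), $down->handle('alice', 'constructed-secret')];
if ($got !== [200, 401, 401, 503]) { throw new LogicException(implode(',', $got)); }
echo "ok\n";
```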
I'm looking for a solution to create and configure Facebook Apps via the Facebook APIs.
It doesn't matter if it's Graph API / FQL or REST API, but I couldn't find any way to do this.
You didn't find it because this is not possible.
Facebook decided not to support app management and creation using the API, in order to avoid applications created or edited by bots.
Only a few actions are possible using the API:
Migration (like migrating to OAuth2, ...)
Restriction (Geographical, age...)
User ban (add/remove)
Test User Creation/edition/deletion
See http://developers.facebook.com/docs/reference/api/application/ for more info.
You'll notice one of the first sentences: "To create, administer or delete applications developers must go to the Developer Application."
You can use the Legacy REST API to set (and get) application properties:
https://developers.facebook.com/docs/reference/rest/admin.setAppProperties/
But no create API exists, and probably never will due to dirty spammers...