-
-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Convert signature verification specs to request specs #28443
Conversation
cc @mjankowski since you're working a lot on specs and code style lately, I'd like your feedback on it, especially the long lines, and the routing issues (I used your pattern, but it clears the existing routes) |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #28443 +/- ##
==========================================
+ Coverage 84.28% 84.31% +0.02%
==========================================
Files 1039 1039
Lines 28226 28226
Branches 4550 4550
==========================================
+ Hits 23790 23798 +8
+ Misses 3287 3281 -6
+ Partials 1149 1147 -2 ☔ View full report in Codecov by Sentry. |
On the routes/controller - I think what you are doing here is the least bad way to do this. It's just not as smooth in request specs as controller specs where it's more expected to do this. If we find a better way we can update, but at least for now this method matches what's done elsewhere (a CSP spec, maybe?) On the long lines with the signature values ... the only things I can think of here both from readability and linting perspective would be to put the whole signature value into a heredoc assigned variable, and then do string interpolation when using the value. If the value is purposefully wrong, then just using the raw value makes sense. If the value is calculated from the headers, it might be nice to actually do the calculation here, and/or leave a comment line showing how it was built -- especially if as noted in the PR description, there's some side benefit here to potentially showing others what's being done and what's right/wrong approaches, etc. |
341b2e7
to
e8618d2
Compare
It's similar to what you did with the
Do you have an example on how you'd do it? I'm not sure how a heredoc would help, these values do not have linebreaks. The idea is that implementers would have values to play with without having to run Mastodon itself. |
That rings a bell from the CSP one -- I recall having to work around that as well.
You'd have to massage it a little bit ... something like this would work:
There may be more elegant way there, but that would work. |
There's no such thing in the API CSP test, there's the reloading at teardown, though, which I do here too.
Right, I guess I can do that… this is a little awkward though, especially since it's embedded in a header value that are in a similar situation (too long, no newlines) but for which spaces matter. |
e8618d2
to
a488d6a
Compare
I wouldn't worry too much about the long lines, but it might be nice to include a simple dev Ruby file or rake task or whatever that shows how you generated the spec values for future maintainability if the Signature headers need to change (e.g. if we change the requests or add a new request type we want to spec) |
I added some methods and assertions on the specs to demonstrate how the signature strings are built. It's not exhaustive because that's not the point of the specs, but this should be enough to illustrate how this works and quickly build specs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me and I like having more explicit values everywhere.
If you get an approval from @mjankowski (as he is much knowledgable than myself on specs) then go for merge :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks solid as move from controller->request spec.
If we get feedback from people on the educational uses, we can always revise style/naming on that front later.
Prerequisite for fixing #18474
I decided to hardcode the signature headers so that: