omniauth-ebay-oauth implementation #2
Conversation
let(:failure_result) { File.read('spec/fixtures/result_failure.xml') } | ||
let(:success_result) { File.read('spec/fixtures/result_success.xml') } | ||
|
||
before { stub_const("#{described_class}::USER_REQUEST", body) } |
palkan
Nov 5, 2017
Member
Why do we have to stub this const and not use it as body
?
Why do we have to stub this const and not use it as body
?
ignat-z
Nov 5, 2017
•
Author
Contributor
The main reason -- it's easier to read when something went wrong, compare:
You can stub this request with the following snippet:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<GetUserRequest xmlns=\"urn:ebay:apis:eBLBaseComponents\">\n <ErrorLanguage>en_US</ErrorLanguage>\n <WarningLevel>High</WarningLevel>\n <DetailLevel>ReturnAll</DetailLevel>\n</GetUserRequest>\n",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token+1', 'X-Ebay-Api-Siteid'=>'0'}).
to_return(:status => 200, :body => "", :headers => {})
registered request stubs:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<GetUserRequest xmlns=\"urn:ebay:apis:eBLBaseComponents\">\n <ErrorLanguage>en_US</ErrorLanguage>\n <WarningLevel>High</WarningLevel>\n <DetailLevel>ReturnAll</DetailLevel>\n</GetUserRequest>\n",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token', 'X-Ebay-Api-Siteid'=>'0'})
vs
You can stub this request with the following snippet:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<>",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token+1', 'X-Ebay-Api-Siteid'=>'0'}).
to_return(:status => 200, :body => "", :headers => {})
registered request stubs:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<>",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token', 'X-Ebay-Api-Siteid'=>'0'})
Seems like it will be nice even stub default headers, to reduce all this mass. Furthermore, we don't depend on this constants as code control structure, so we could stub it for free.
BTW, changed from stub_const
to DI.
The main reason -- it's easier to read when something went wrong, compare:
You can stub this request with the following snippet:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<GetUserRequest xmlns=\"urn:ebay:apis:eBLBaseComponents\">\n <ErrorLanguage>en_US</ErrorLanguage>\n <WarningLevel>High</WarningLevel>\n <DetailLevel>ReturnAll</DetailLevel>\n</GetUserRequest>\n",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token+1', 'X-Ebay-Api-Siteid'=>'0'}).
to_return(:status => 200, :body => "", :headers => {})
registered request stubs:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<GetUserRequest xmlns=\"urn:ebay:apis:eBLBaseComponents\">\n <ErrorLanguage>en_US</ErrorLanguage>\n <WarningLevel>High</WarningLevel>\n <DetailLevel>ReturnAll</DetailLevel>\n</GetUserRequest>\n",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token', 'X-Ebay-Api-Siteid'=>'0'})
vs
You can stub this request with the following snippet:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<>",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token+1', 'X-Ebay-Api-Siteid'=>'0'}).
to_return(:status => 200, :body => "", :headers => {})
registered request stubs:
stub_request(:post, "https://api.com/endpoint").
with(:body => "<>",
:headers => {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Content-Type'=>'text/xml', 'Host'=>'api.com', 'User-Agent'=>'Ruby', 'X-Ebay-Api-Call-Name'=>'GetUser', 'X-Ebay-Api-Compatibility-Level'=>'967', 'X-Ebay-Api-Iaf-Token'=>'token', 'X-Ebay-Api-Siteid'=>'0'})
Seems like it will be nice even stub default headers, to reduce all this mass. Furthermore, we don't depend on this constants as code control structure, so we could stub it for free.
BTW, changed from stub_const
to DI.
Thank you for quick and clean implementation! Some things that should be fixed for use in real apps:
|
# https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema | ||
class UserInfo | ||
MAPPING = { | ||
uid: %w[GetUserResponse User UserID], |
Envek
Nov 6, 2017
Member
Unfortunately, eBay username is not reliable value as the user can change it and can change it frequently.
So it's better to use scary EIASToken
value because it doesn't change. Username is still important though, so it's better to keep it in nickname
field of info hash as per https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later
Unfortunately, eBay username is not reliable value as the user can change it and can change it frequently.
So it's better to use scary EIASToken
value because it doesn't change. Username is still important though, so it's better to keep it in nickname
field of info hash as per https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later
ignat-z
Nov 7, 2017
Author
Contributor
Fixed, UserID moved to nickname
Fixed, UserID moved to nickname
private | ||
|
||
def ensure_success_code | ||
lambda { |response| |
Envek
Nov 6, 2017
Member
Style note: you can get rid of lambdas and use just methods by using method
method:
def call
MultiXml.parse(…).tap(&method(:ensure_success_result))
end
def ensure_success_code(response)
…
end
Style note: you can get rid of lambdas and use just methods by using method
method:
def call
MultiXml.parse(…).tap(&method(:ensure_success_result))
end
def ensure_success_code(response)
…
end
ignat-z
Nov 7, 2017
Author
Contributor
A matter of taste, but changed to this way
A matter of taste, but changed to this way
Net::HTTP.new(@url.host, @url.port).tap do |http| | ||
http.read_timeout = @read_timeout | ||
http.use_ssl = true | ||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE |
Envek
Nov 6, 2017
Member
Please don't do that! This is a security hole!
You may wish to enable bypassing SSL certificate check via an option, but that option must be disabled by default.
Please don't do that! This is a security hole!
You may wish to enable bypassing SSL certificate check via an option, but that option must be disabled by default.
ignat-z
Nov 7, 2017
Author
Contributor
Yep, agree, shame on me, fixed
Yep, agree, shame on me, fixed
|
||
Additional options: | ||
- __sandbox__ - Are you running your application in [sandbox mode](<https://developer.ebay.com/api-docs/static/sandbox-landing.html>), default __`true`__. | ||
- __scope__ - A list of [OAuth scopes](<https://developer.ebay.com/api-docs/static/oauth-details.html#scopes>) that provide access to the interfaces you call. |
Envek
Nov 6, 2017
Member
Maybe it worth to note that by default that list of scopes is empty and users should provide it if they will use eBay APIs. Or perhaps it will be good to include public access scope https://api.ebay.com/oauth/api_scope
by default.
Maybe it worth to note that by default that list of scopes is empty and users should provide it if they will use eBay APIs. Or perhaps it will be good to include public access scope https://api.ebay.com/oauth/api_scope
by default.
ignat-z
Nov 7, 2017
Author
Contributor
Not sure about default value, it's omniauth strategy and eBay returns enough information for simple SSO. Add ability to pass scope as array of scopes or string.
Not sure about default value, it's omniauth strategy and eBay returns enough information for simple SSO. Add ability to pass scope as array of scopes or string.
Spec Start Time.now Expiration time | |___expiration___| v v----------------v |-----------------------------------| t ^ ^----------------^ | |___expiration___| Start Time.now Expiration time Code
Released as v0.1.0. Congratulations and thank you for your work! |
No description provided.