-
Notifications
You must be signed in to change notification settings - Fork 27
Tests, Goals, and Todo's for AuthlogicConnect
viatropos edited this page Sep 14, 2010
·
1 revision
- It should require the end user ONE CLICK to create an account with your site.
- It should not depend on Javascript
- It should be enhanced by Javascript
- You should never have to touch the User/Session model/controller/migration if you are a just looking to get up and running quickly.
- You should be able to plugin ruby libraries that wrap an api, such as TwitterAuth via
@user.twitter, and LinkedIn via@user.linked_in. Just because it’s that easy.
This only has a few unit tests. Enough to make sure the methods are returning what we are expecting.
It should have Functional and Integration tests, using the AuthlogicConnect example projects. If any of you guys know of an easy way to set that up, I’d love to know. Send me a github message :).
Goal:
- Test Framework: :http://github.com/thoughtbot/shoulda">Shoulda
- Autotest with Shoulda
- Testing style like :http://github.com/thoughtbot/paperclip/tree/master/test/">Paperclip Tests
- Rails 2.3+ and Rails 3 Compatability
- If the user bails out in the middle of a login session, there needs to be a mechanism that knows how to reset their session.
- If the openid is filled out, and then the user clicks Twitter oauth, it should know that it should log them in via twitter. This can only really be done by javascript. But what should take precedence? The thing that requires no typing: oauth. So oauth should be checked first on save.
- Add rememberme functionality correctly. Right now I think it remembers you by default.
- Login should work without having to access the remote service again.
- If I create new user with Twitter or Google, then logout, I can login through twitter no problem. However, I cannot login through Google. This is because google returns new tokens, so I can’t find it in the database. How do I find it? Also, if you go and revoke access to twitter (go to your twitter profile on twitter.com, click “settings”, and revoke access to app) after you’ve created an account, and you try to login, same problem. This is because tokens are regenerated. NEED CONFIRMATION SCREEN
- If the user has only created an account with say Twitter, then logs out, if they try to login with google, it should ask if they have a different account. How should this work?
OAuth is for accessing remote information. It doesn’t always give you data about the user. OpenID on the other hand gives you all the info you need for login.