I'm using friend for protecting some pages in my web application, which is working fine so far. I'm running into issues with my test code, though: I seem to be unable to work around the authentication mechanism or to mock out friend's authorize calls. Things I've tried so far:
The first approach doesn't seem to work because I don't know for certain what I would need to add to the request and the second one doesn't seem to work because midje seems not to see the call to friend/authorize at all. The relevant fact looks like this:
(fact "The users page can be fetched successfully"
(let [req (request :get "/user")
response (app req)]
(:body response) => #"(some results)"
(provided
(friend/authorized? anything anything) => true)))
And this is the corresponding (running) compojure route:
(GET "/user" [] (friend/authorize #{::admin} users))
I basically macroexpand-ed the friend/authorize call in the midje fact, but still I get two FAILS on the fact due to the authorization. The tests ran successfully before adding the authorization, so it's really the friend authorization part I need to solve.
Are there any best practices do solve this?
It really depends on your friend's auth workflow if authorized? will get called at all.
Also, I've never could get midje to do runtime mocking, so I usually mock functions using with-redefs
Something along these lines should work for you:
(fact "The users page can be fetched successfully"
(let [req (request :get "/user")
response (app req)]
(with-redefs [friend/authorize (fn [roles f] f)]
(:body response)) => #"(some results)"))