Add test route to avoid the shadow root/having to render the global nav (#70)

This PR adds a login page to use in testing to avoid having to render
the rpf-global-nav in tests that don't need JS.

# What's changed

* Adds a page at `/rpi_auth/test` which shows a login and sign-up button
that can be used in test scenarios
* Adds a `log_in(user:)` and `stub_auth_for(user:)` methods that we've
replicated in a lot of places.
* Adds capybara to the development deps, and updated the gemfiles
* Sets the `rubygems` version during CI because one of the Gems doesn't
build with the older version of Rubygems that ships with Ruby 2.7

Author: patch0

.github/workflows/test.yml

@@ -25,6 +25,7 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby-version }}
+        rubygems: 3.4.10
         bundler-cache: true # runs 'bundle install' and caches installed gems automatically
     - name: Run tests
       run: bundle exec rspec

.rubocop.yml

@@ -10,10 +10,13 @@ inherit_mode:
     - Exclude
 
 AllCops:
+  NewCops: enable
   TargetRubyVersion: 2.7
   Exclude:
     - 'spec/dummy/config/**/*'
     - 'spec/dummy/app/**/*'
     - 'spec/dummy/bin/**/*'
     - 'vendor/**/*'
+    - 'gemfiles/vendor/**/*'
     - 'bin/rails'
+

.rubocop_todo.yml

@@ -1,27 +1,46 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2021-09-14 13:25:06 UTC using RuboCop version 1.20.0.
+# on 2024-07-02 19:48:59 UTC using RuboCop version 1.64.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 6
-# Configuration parameters: CountAsOne.
-RSpec/ExampleLength:
-  Max: 8
+# Offense count: 11
+# Configuration parameters: EnforcedStyle, AllowedGems, Include.
+# SupportedStyles: Gemfile, gems.rb, gemspec
+# Include: **/*.gemspec, **/Gemfile, **/gems.rb
+Gemspec/DevelopmentDependencies:
+  Exclude:
+    - 'rpi_auth.gemspec'
 
 # Offense count: 1
-# Configuration parameters: Include, CustomTransform, IgnoreMethods, SpecSuffixOnly.
-# Include: **/*_spec*rb*, **/spec/**/*
-RSpec/FilePath:
-  Exclude:
-    - 'spec/rpi_auth/models/authenticatable_spec.rb'
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
+Metrics/AbcSize:
+  Max: 23
 
 # Offense count: 7
-RSpec/MultipleExpectations:
+# Configuration parameters: CountAsOne.
+RSpec/ExampleLength:
   Max: 8
 
-# Offense count: 1
-RSpec/NestedGroups:
+# Offense count: 20
+RSpec/MultipleExpectations:
   Max: 4
+
+# Offense count: 8
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 6
+
+# Offense count: 10
+# Configuration parameters: AllowedGroups.
+RSpec/NestedGroups:
+  Max: 5
+
+# Offense count: 1
+# Configuration parameters: Include, CustomTransform, IgnoreMethods, IgnoreMetadata.
+# Include: **/*_spec.rb
+RSpec/SpecFilePathFormat:
+  Exclude:
+    - 'spec/rpi_auth/models/authenticatable_spec.rb'

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- Test controller/view to allow apps to log in without having to interact with the RPF Global Nav component. (#70)
+
 ## [v3.5.0]
 
 ### Added

README.md

@@ -187,6 +187,22 @@ class in `config/application.rb`.
 config.railties_order = [RpiAuth::Engine, :main_app, :all]
 ```
 
+## Test helpers and routes
+
+There are some standardised test helpers in `RpiAuth::SpecHelpers` that can be used when testing.
+
+* `stub_auth_for(user:)` enables the Omniauth test mode, and makes sure any auth requests succeed, returning this user.
+* `log_in(user:)` goes through the log-in process for that user, either using Capybara-style `click_on` methods, or POST'ing directly to the auth endpoint.
+
+There is also a page at `/rpi_auth/test` that has log-in and sign-up buttons which can be navigated to as part of the test suite to avoid having to render pages, or navigate into the shadow roots.
+
+To user these helpers you should add this to your `spec/rails_helper.rb`, inside the `RSpec.configure do |config|` block.
+
+```ruby
+  config.include RpiAuth::SpecHelpers, type: :request
+  config.include RpiAuth::SpecHelpers, type: :system
+```
+
 ## Troubleshooting
 
 Diagnosing issues with OpenID Connect can be tricky, so here are some things to try.

app/controllers/rpi_auth/test_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'rpi_auth/controllers/current_user'
+
+module RpiAuth
+  class TestController < ActionController::Base
+    include RpiAuth::Controllers::CurrentUser
+    include Rails.application.routes.url_helpers
+
+    layout false
+
+    def show
+      render locals: { login_params: login_params, logout_params: logout_params }
+    end
+
+    private
+
+    def login_params
+      params.permit(:returnTo)
+    end
+
+    alias logout_params login_params
+  end
+end

app/views/rpi_auth/test/show.html.erb

@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang="en" dir="ltr">
+  <head>
+    <%= stylesheet_link_tag 'https://static.raspberrypi.org/styles/design-system-core/releases/v1.1.0/design-system-core.css' %>
+    <%= csp_meta_tag %>
+  </head>
+  <body>
+    <div class='login-box'>
+    <% if current_user.present? %>
+      <p>Log out of your Raspberry Pi account</p>
+      <p>Logged in as <%= current_user.user_id %></p>
+      <%= link_to 'Log out', rpi_auth_logout_path(params: logout_params), class: "rpf-button" %>
+    <% else %>
+      <p>Log in with your Raspberry Pi account</p>
+      <%= button_to 'Log in', rpi_auth_login_path, params: login_params, class: "rpf-button" %>
+      <p>Sign up for a Raspberry Pi account</p>
+      <%= button_to 'Sign up', rpi_auth_signup_path, params: login_params, class: "rpf-button" %>
+    <% end %>
+    </div>
+  </body>
+</html>

config/routes.rb

@@ -9,4 +9,8 @@
 
   get RpiAuth::Engine::CALLBACK_PATH, to: 'rpi_auth/auth#callback', as: 'rpi_auth_callback'
   get RpiAuth::Engine::LOGOUT_PATH, to: 'rpi_auth/auth#destroy', as: 'rpi_auth_logout'
+
+  # This route can be used in testing to log in, avoiding the need to interact
+  # with shadow root in the RPF global nav.
+  get RpiAuth::Engine::TEST_PATH, to: 'rpi_auth/test#show', as: 'rpi_auth_test' if RpiAuth::Engine::ENABLE_TEST_PATH
 end