Book Image

RSpec Essentials

By : Mani Tadayon
Book Image

RSpec Essentials

By: Mani Tadayon

Overview of this book

This book will teach you how to use RSpec to write high-value tests for real-world code. We start with the key concepts of the unit and testability, followed by hands-on exploration of key features. From the beginning, we learn how to integrate tests into the overall development process to help create high-quality code, avoiding the dangers of testing for its own sake. We build up sample applications and their corresponding tests step by step, from simple beginnings to more sophisticated versions that include databases and external web services. We devote three chapters to web applications with rich JavaScript user interfaces, building one from the ground up using behavior-driven development (BDD) and test-driven development (TDD). The code examples are detailed enough to be realistic while simple enough to be easily understood. Testing concepts, development methodologies, and engineering tradeoffs are discussed in detail as they arise. This approach is designed to foster the reader’s ability to make well-informed decisions on their own.
Table of Contents (17 chapters)
RSpec Essentials
About the Author
About the Reviewers

JSON Web Token

Using plain-text passwords such as banana is not at all secure. We should use a token scheme to make our authentication secure. We'll use the JSON Web Token (JWT) standard (defined in RFC 7519:, which is very simple but also very powerful. JWT allows the client to use a shared secret (such as banana) to sign a set of claims to generate a token which is then sent to the server. A claim is a piece of information that the client sends to the server and which must be authenticated. Most commonly, this would be the username but it can include any set of data. Previous to JWT, such info was included in various ways and there was room for error due to poorly designed claims encoding or mistaken implementations. Many different kinds of digest algorithms are supported, as well as asymmetric public/private key pairs to generate the token from the claims. This allows for the security mechanism to be easily adjusted without having to change the overall...