Over 10 years experience as a backend and frontend developer. Former team leader is UBS Bank. Since last few years in banking industry, previously worked in electronic document interchange and ERP software. Currently working as a front end developer in a Saxo Bank.
I’m a big fan of automation testing, and I’m always trying to use proper tools to do the job. I’m always trying not to reinvent the wheel every time, and I always want to share that message to the world. We have so many tools, but so few very good.
My linkedin profile: https://www.linkedin.com/in/mateuszwolsza/
URLs for Mateusz Wolsza
No URLs found.
Goals for this presentation is to show how to:
- build authorization service which provides JSON Web Tokens using open source tools,
- explain how to use JWT to secure a REST API built in Sinatra,
- mange complex REST tests of a secured API using a handy tool called: bash ;).
I believe that after this live session, each participant will be able to increase security and stability of their projects.
Introduction: In a few words I give summary of JSON Web tokens, what they are and how we can use them.
Part I: Use Rails API + Devise and JWT libs to build an authorization service which will authenticate users using email to provide JSON Web Tokens. I will show core steps which are required to get it running then we will create a user and authorize them to obtain a JWT token.
Part II: I will show a simple REST API built in Sinatra and what steps are necessary to apply JWT authorization on it, with token blacklisting as the invalidation strategy. Sinatra is a great Ruby framework for small and large projects. It's lighter than Rails and really flexible.
Part III: Having free open source authorization service and secured REST API is not all. Now we should be able to run all bunch of tests on it. Using bash with bats + jq + jo will give us powerful testing tool, which can be used in command line or TeamCity. I will show how to test REST endpoints locally and remotely without touching any commercial software or UI tools. We will run simple tests like GET /endpoint == status 200 but also a complex ones which require:
- JSON payload,
- multi line response parsing,
- matching regular expressions against the response.
Summary: Biggest value of this is that each part can be done separately. Some of us already have API services but lack automated tests or maybe there is a need to secure them.
These 3 parts have been already combined in a new open source deployment solution called PutIt.
Scheduled Instances of "Making REST API in Sinatra with automation tests in bash"
- Saturday Aug. 18 14:00 - 15:00