Is there any example / tutorial how to test add-ons based on ACE

Hi, i’ve seen a lot of example projects based on atlassian connect express. see here: https://developer.atlassian.com/static/connect/docs/latest/resources/samples.html

But i haven’t found any example or tutorial how to test add-on’s based on ace.
Especially how to mock up / handle JWT request.

Where can i found some information about this topic ?
Regards

1 Like

Good question. I’m working on a presentation about the 3 main JWT flows for AtlasCamp in Barcelona. I have some working Node.js code examples but they aren’t based on ACE and they don’t have tests yet. But, I think the experience has given me enough to comment on the test strategy. Which JWT flow are you using:

  • Accepting a web hook or UI module from Atlassian?
  • Sending a REST API request to Atlassian?
  • Making a REST API request to Atlassian on behalf of a user?

HI @ibuchanan thank you for your reply.

I’m using flows as described here at the recipe section: https://bitbucket.org/atlassian/atlassian-connect-express

I’m protecting my resources by adding addon.authenticate() or addon.checkValidToken() to my add-on endpoints.

I was wondering about it that all examples based on ACE has no Test-projects.
It would be nice when you / Atllassian could provide some additional information about this topic.

Thank you

Is there anybody else how can give me some support ?
For example, how to mock the installation-process to generate addon-setting entries used for jwt creation ?

Thank you for any advise.
Regards

I have begun work on a fake lifecycle service for testing. You are free to use it based on APL license.

However, I’m skeptical this testing approach is appropriate for ACE-based add-ons. The lifecycle callback are already handled by ACE and it already has tests. In the examples you provided, ACE also handles the decoration of outgoing requests with JWT, and the verification of incoming requests with JWT. It seems like you’re asking for a strategy to test something that is already tested.

Can you tell us more about what you want the tests to find?

Not sure how you’re testing, but there really isn’t any magic when it comes to Confluence/JIRA Cloud installations. If you’re trying to do integration testing, you can just trigger the installation hook yourself with your own secrets and then start generating the jwt tokens. As long as your qsh and such are correct in the JWT claim that you send down you can mimic what the Connect framework would do.

If you’re trying to do unit testing on the calls that are secured with a JWT token - you could in theory do something similar BUT I would suggest setting the environment var AC_OPTS with no-auth:
https://bitbucket.org/atlassian/atlassian-connect-express/src/7fb796ae87e5e3cc2846d4f2711a751ef9426286/lib/middleware/authentication.js?at=1.0.x&fileviewer=file-view-default#authentication.js-83 :slight_smile:

1 Like

Hi @ibuchanan,

We have similar sort of requirements, we are trying to consume JIRA REST API.

We don’t know how to generate JWT, can you please share some ideas / approach in JAVA?

Also we have consumed Zephyr add-on for JIRA by generating JWT using access key/secret key but we ar not sure how to generate the JWT for JIRA REST API?

can you please help?

Thanks,
Rachit

You can disable both authentication methods with

AC_OPTS=no-auth,no-token-verfication

The Test-cmd in my package.json file lloks like this:

  "scripts": {
    "test": "AC_OPTS=no-auth,no-token-verfication mocha tests",
    ...
   }

More Info: https://ecosystem.atlassian.net/browse/AC-1188

Hi @daniel - Do you have any example code of triggering the installation hook and generating a JWT token?

We’re writing integration tests using mocha, chai, and chai-http. Some of our protected routes end up firing requests back to Atlassian using the ACE addon.httpClient. It is my understanding that the httpClient only works on routes that are protected using addon.authenticate(). Without generating the token, I’m not sure how to handle that.

We don’t have a custom install route and are making use of the default setup in ACE. As part of the initial test we’re posting some JSON containing: key, clientKey, sharedSecret, etc. This is hitting, but I think we’re missing a step somewhere. When making the next request we’re getting the error: “Authentication verification error (401): Could not find stored client data for [key included in JSON file]. Is this client registered?”

Any hints or samples are greatly appreciated!

cc: @danielwester (Throwing a hail mary, looks like you might have changed your user name)