Issue/94 - Multiple Authenticators

[bubba1e]

Reference Issues

Multiple Authenticators

Changes

• The $authenticator variable was changed to an array and renamed to $authenticators to allow multiple authenticators
• The authentication function has been changed to try each authenticator until one of them works or there are none left

[dhensby]

Definitely a nice addition, but I think we need some tests to cover this change

[bubba1e]

The tests now cover multiple authenticators.

[dhensby]

We shouldn't shoe-horn a fairly fundamental authentication test into another unrelated test.

Please can you create a new test function like testApiAccess which adds additional authenticators and then asserts that the second authenticator works even if the first fails?

[dhensby]

We shouldn't add this authenticator to all tests if they don't need/want it as it may result in unintended side-affects in future tests. Just add it to the specific test for this situation.

[dhensby]

I don't think this is a very good way to perform the test because we could see tests passing that shouldn't if (for example) the first authenticator has a bug that means passwords are not validated properly.

You could either create an actual mock instance of an authenticator (assuming there's an interface to mock) or create some kind of hard-coded token authenticator (eg: if AUTH_USER === 'SOME-TOKEN' return a user).

Ideally this user will be a new user added to the fixtures too.

[dhensby]

Thanks for the work on this @nykkl - but we need to make the test a bit more specific / thorough I think.

[NightJar]

I also feel this should target the master branch, as it alters critical configuration API in a non backwards compatible manner.
To this end would you also like to supply some upgrade documentation about what someone who uses this module should do in order to update it?