Write Some Security Tests

Expand on the login, my lists, and sharing tests—what do you need to write to assure

yourself that users can only do what they’re authorized to?

Test for Graceful Degradation

What would happen if Persona went down? Can we at least show an apologetic error

message to our users?

• Tip: one way of simulating Persona being down is to hack your hosts file (at

/etc/

hosts

or

c:\Windows\Sytem32\drivers\etc

). Remember to revert it in the test

tear

Down

!

• Think about the server side as well as the client side.

Caching and Performance Testing

Find out how to install and configure

memcached

. Find out how to use Apache’s

ab

to

run a performance test. How does it perform with and without caching? Can you write

an automated test that will fail if caching is not enabled? What about the dreaded prob‐

lem of cache invalidation? Can tests help you to make sure your cache invalidation logic

is solid?

JavaScript MVC Frameworks

JavaScript libraries that let you implement a Model-View-Controller pattern on the

client side are all the rage these days. To-do lists are one of the favourite demo applica‐

tions for them, so it should be pretty easy to convert the site to being a single-page site,

where all list additions happen in JavaScript.

Pick a framework—perhaps Backbone.js or Angular.js—and spike in an implementa‐

tion. Each framework has its own preferences for how to write unit tests, so learn the

one that goes along with it, and see how you like it.

Async and Websockets

Supposing two users are working on the same list at the same time. Wouldn’t it be nice

to see real-time updates, so if the other person adds an item to the list, you see it im‐

mediately? A persistent connection between client and server using websockets is the

way to get this to work.

Write Some Security Tests

|

435