Let's say you are told to test login flow of a web application without providing any credentials, what test cases would you consider? - osqa

Related

How to do MindSphere App Automation Testing with Postman or Newman?

Mind App Automation Testing with Postman or Newman possibility?
Is there a mechanism to log in to a MindSphere Tenant in Postman?
Exposing access token via API in a mind app in the same tenant and using it in subsequent Rest API calls is another option which I am not looking for.
https://developer.mindsphere.io/howto/howto-local-development.html says two options. But,
1) Access tokens generated using service credentials have admin scope, which means it is not suitable for testing applications with different user types.
2) Session cookies are only valid for up to 12 hours and expire after 30 minutes of inactivity. However, by assigning your user specific application roles it is possible to test your application's behavior for users other than admin. Is there a way to avoid this copy-pasting of sessions for complete automation?
At this moment, there is no known solution for this. But you can try this:
Use Selenium to log in with headless Chrome, get the session cookies and XSRF token, and store them in the environment. Then attach them to the API calls.
This is what I am doing at this moment. Let me know if you come to know any other solutions/suggestions.

Are there fictional test users for LinkedIn or Facebook?

Do either LinkedIn or Facebook provide a fictional user ID that can be used for testing an app that calls their APIs?
Facebook provides test users for app developers:
Test Users for Apps
A test user is a special Facebook account, invisible to real accounts,
which can be created within an app for the purpose of manual or
automated testing of that app's Facebook integration.
We ensure that test users are exempt from our spam and fake account
detection systems so that you can test your app without worrying about
getting disabled.
You can create, access and delete test user accounts in a couple of
ways - by using the Graph API to do it programmatically, or by using
the App Dashboard to do it manually.
As for LinkedIn, this SO question may be useful: A full LinkedIn profile for testing an app

Are there open test accounts available for common OAuth2 providers?

I am using passport.js as a back-end library to handle authentication from OAuth providers like Google, Facebook and Twitter.
As I am now writing the tests I would like to avoid creating my own accounts just for testing.
So is there something like open credentials for the providers used?
How do you mock up the accounts in tests?
See http://term.ie/oauth/example with the explanation on this other post
Take a look at the tests included in the multiple passport strategies. They often offer good examples of mocks for the entire interaction (for unit tests). Integration tests will require the entire flow (and likely some UI automation tool). Here's an example on Facebook strategy tests.
I'm not aware of any "dev only" credentials from any of these providers. In any case you will have to set up callback URLs pointing back to your app. Hopefully you will not do this very often...
In our system (which is an intermediary for authentication), we decided to supply default credentials for all well-known identity providers, if you don't want to deal with that while you are testing. In production, it is recommended that you get your own registration. The final architecture would be slightly different though, and not sure it would fit your needs:
App (passportjs) -> Our Server -> * Identity Providers
Note: even though ours is a paid service, the free tier allows you to do tests with no expiration.

How to use same User state across multiple WCF services

I have a WCF web service that uses FormsAuthentication that logs the User into the Silverlight website. I have another web-service that needs to know what Role the user is in (e.g. Admin, User, Guest) to determine which functions that will run when called by the user from the Silverlight.
How can I pass this session state / User to the 2nd WCF web-service, or how can I get the username/password in the Silverlight application, and then pass that to the web-service to re-authenticate?
After doing research into this, the easiest thing appears to be to have some methods in my first web service where the user logs in. From there I can check what roles they are in and if they are authenticated. If anyone has a better idea I'm eager to hear it.

Logging in using django-social-auth in a django unittest

I'm writing a test suite for a Django project which needs to log in via django-social-auth (its Facebook backend) in order to access the website.
The method I'm taking now is:
for each test:
create a test user using facebook API
use selenium to login
interact with the website once user is logged in
The problem is: I need to write a few tests which use the regular Django unittest (not Selenium). Any idea how I can log in using the regular Django unittest?
It's not an easy task since the OAuth code is very coupled in social-auth. So you really need an OAuth service answering.
What I have done is to patch the function social_auth.utils.urlopen with a mock that returns previously recorded answers to trick django-social-auth into thinking it is talking with a real oauth provider.
It's a really hacky solution but allows me to test my custom social-auth pipeline in an isolated environment.
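
The replay-mock approach from the answer above, as an added example that is not part of the original post or of django-social-auth. It patches `urllib.request.urlopen` rather than `social_auth.utils.urlopen` so it runs without the library; `fetch_profile`, the `provider.invalid` host and the recorded bodies are hypothetical and constructed for illustration.

```python
import io
import json
import urllib.request
from unittest import mock
from urllib.parse import urlsplit

# Constructed recordings (not real provider output): URL path -> JSON body.
RECORDED = {
    "/oauth/access_token": {"access_token": "constructed-token", "expires": 3600},
    "/me": {"id": "1000001", "name": "Test User"},
}


class ReplayUrlopen:
    """Drop-in for urlopen that serves recorded bodies and never opens a socket."""

    def __init__(self, recordings):
        self.recordings = recordings
        self.calls = []  # (host, path) of every request, for assertions

    def __call__(self, request, *args, **kwargs):
        url = request if isinstance(request, str) else request.full_url
        parts = urlsplit(url)
        self.calls.append((parts.hostname, parts.path))
        if parts.path not in self.recordings:
            # Fail closed: an unrecorded request is a test failure, not a live call.
            raise AssertionError(f"unrecorded request: {parts.path}")
        return io.BytesIO(json.dumps(self.recordings[parts.path]).encode())


def fetch_profile(code):
    """Hypothetical stand-in for the backend's code exchange and profile fetch."""
    base = "https://provider.invalid"
    token_resp = urllib.request.urlopen(f"{base}/oauth/access_token?code={code}")
    token = json.load(token_resp)["access_token"]
    return json.load(urllib.request.urlopen(f"{base}/me?access_token={token}"))


def run_with_replay(code="constructed-code"):
    replay = ReplayUrlopen(RECORDED)
    # In a real suite the patch target would be the name the answer gives,
    # social_auth.utils.urlopen; urllib.request.urlopen is used here instead.
    with mock.patch("urllib.request.urlopen", replay):
        profile = fetch_profile(code)
    return profile, replay.calls
```

Recording the call list lets a test assert that the token was only ever sent to the expected host and path, and recorded bodies should have real tokens replaced with constructed values before they are committed.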