We are using securesocial module for authentication in Play 2 application.
I have two questions concerning this module.
Firstly, is there an easy way to disable the authorization checking in out development environment, preferably w/o commenting all #SecureSocial.SecuredAction annotations.
Secondly, what is the preferred way to unit test methods that use securesocial in Java? For example I have a call to ctx().args.get(SecureSocial.USER_KEY); in controller for getting the identity. If I would want to unit test this method, how can I mock out this identity? Or maybe secure social has some utility classes that can help unit testing?
We decided to create method getUser in our controller and then in unit-tests we are using http://www.javassist.org/ library to remove securesocial annotations and also to change return value of getUser to some mock that is created in test classes.
Related
I have FastAPI project which does the following:
Register users(unauthenticated)
CRUD operations on user resources(authenticated)
What I want to do:
Develop an automated testing framework to unit test all the APIs
Run that on a devops platform like jenkins regularly
Run it locally before deployment
Some specific doubts I have:
For testing, should I use the OpenAPI generated client sdk or the FastAPI client or use the python requests module?
Authentication should happen only once and reuse the JWT token or fresh authentication for each API test ?
Should I use the same pydantic modules for dev and testing or re-write them to ensure that no issues were introduced in case of updated models ?
How to do proper unit testing when one API requires result from multiple other APIs?
Use the built-in TestClient
Use a fixture and let pytest sort it out for you; if it's too slow to reauthenticate each time, change the scope of the fixture to a larger scope (i.e. class, module, session, etc.). You can also use FastAPI's dependency_overrides to let your tests run with static authentication configured (so that you can skip actually authenticating in most of your tests).
You should test what you use in your application. Nothing specific written for your tests, except if necessary to make your application testable in a better way.
The only "proper" thing is that your API has been tested to work as you expect it to work. Do multiple API calls if necessary, but move them into fixtures to get composable sets of dependencies for tests (i.e. the result of the fixture can be cached and re-used for all tests in a test class if necessary). If you have tests that depend on a customer being created, create a fixture that creates a customer and use that fixture in the tests where a created customer is necessary.
I'm using Django with DRF as just an API--it doesn't serve any FE assets of any kind. I know the Django testing suite is built on the Python native unittest library and plan on using it for unit testing.
When it comes to integration testing, is it sufficient or should something like Behave be used?
If unittest is sufficient, should it be used in conjunction with some kind of faker?
If you want to test the API contract, you need:
to read the relevant documentation
have a way to generate models you need. My advice is to use factory-boy.
This setup will test your urlconfs, views, serializers and to some extent your models, without the need for real server and without the need to mock API responses.
I have an application based on play framework scala version 2.11.1.
There are couple of methods for which I want to add unit tests. These methods have direct calls to database through Ebean.
I tried with this link to use mocki-ebean in order to mock these calls. But the import was unsuccessful
I tried with powermock as well. but it requires to setup in-memory ebean server for mock calls. But that is also deprecated to setup in-memory server for unit testing.
Any idea what could be the next direction?
I'm dependency injecting a repository which calls the REST service so I thought I'd just inject another concrete class which gives the data the MVC app expects.
Is this the recommended approach and should I be doing this through an IoC container?
Secondly, when creating the fake data should I implement this using a mocking framework such as Moq or just hand code the data?
My web app is a Google OpenID consumer (with Attribute Exchange and OAuth Extension) and I need to write some unit test for it [edit: to test the unit that is responsible to interact with google].
The problem is that default OpenID login procedure needs user interaction (entering user/pass) which is not possible in unit test.
Do you have any idea how can I solve this problem and unit test my OpenID consumer app?
(I prefer not to run my own OpenID provider.)
You need to use a remote controlled browser for this. Selenium was made for this use case.
(indeed they are called functional tests then).
Search on Google for the best way to integrate selenium tests into your web framework.
If I understand you want to test your all application and not just "unit test" it.
The actual test framework depends on the technology your application is using. For example there are many UI and web automation tools that can do what you want.
You should also unit test your core functionality or at least write several integration tests that work against an actual Openid provider but instead of running the entire application just test the functionality of the class (if you're using language that has classes) to make sure it can get the b.
I would also write a couple of unit tests that call a fake provider to test how your code behaves in case of error, connection problems and plain vanilla responses.