Cypress - test stops after navigating to another domain - authentication

Our team have been using Cypress as part of our E2E UI tests, however, we are running into some roadblocks where we can't write tests to cover some scenarios because the flow goes through a third party site.
We have several examples of this throughout our application:
Our signup flow actually goes through a slightly different domain (it's still our app, just a slightly different domain), but because Cypress doesn't allow us to navigate to third party sites, the tests stop.
We have several integrations that require the user to log in through the third party site, and on success, they will be redirected back into our application. (We can do this through OAuth... and as suggested by Cypress that would be the recommended way, but I feel that in doing so, it wouldn't exactly cover what we want to test, as we want to go through the steps of clicking the activate button, logging in, and being redirected back.)
I was wondering if anyone has run into a similar issue and has found a solution or perhaps another alternative? While I agree that we should not be testing third party sites, what would be the option for our scenario?
We have tried setting chromeWebSecurity: false, however I believe this only works for Chrome...?
Thank you in advance!

It depends on what is required to cross the two domains, for example a token can be saved.
The trick would be to visit different domains in different tests. In the oauth example, test1 clicks the button and you confirm the navigation to the 3rd party site.
Test2 then retrieves the token and proceeds to test the local app as if it had been redirected from oauth.
I'm pretty sure it's covered in a Cypress recipe somewhere, will try to find it.
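
One way to confirm the first half of that split (the app sends the browser to the third-party site with the right parameters) without leaving the app's origin, as an added example that is not part of the original answer. The activate path, the origins, the client id and the 16-character minimum for `state` are assumptions.

```javascript
// Added example. Hypothetical names: /integrations/acme/activate,
// idp.example.test, app.example.test, client id "my-client".

// Return a list of problems with the Location header our app redirects to.
function authorizeRedirectProblems(location, expected) {
  const problems = [];
  let url;
  try {
    url = new URL(location);
  } catch (e) {
    return ['Location is not an absolute URL'];
  }
  if (url.protocol !== 'https:') problems.push('redirect is not https');
  if (url.origin !== expected.idpOrigin) problems.push(`unexpected origin ${url.origin}`);
  const q = url.searchParams;
  if (q.get('client_id') !== expected.clientId) problems.push('client_id mismatch');
  if (q.get('response_type') !== 'code') problems.push('response_type is not "code"');
  // The callback must point back at our own app: compare exactly, not by prefix.
  if (q.get('redirect_uri') !== expected.redirectUri) problems.push('redirect_uri mismatch');
  // state ties the redirect back to this browser session (assumed minimum: 16 chars).
  if (!q.get('state') || q.get('state').length < 16) problems.push('state missing or too short');
  return problems;
}

const EXPECTED = {
  idpOrigin: 'https://idp.example.test',
  clientId: 'my-client',
  redirectUri: 'https://app.example.test/oauth/callback',
};

// Cypress spec: only registered when the file runs inside the Cypress runner.
if (typeof Cypress !== 'undefined') {
  it('sends the user to the provider with the right parameters', () => {
    // followRedirect: false keeps the test on our origin and exposes the 3xx response.
    cy.request({ url: '/integrations/acme/activate', followRedirect: false }).then((resp) => {
      expect(resp.status).to.be.oneOf([302, 303]);
      expect(authorizeRedirectProblems(resp.headers.location, EXPECTED)).to.deep.equal([]);
    });
  });
}
```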

Related

How to detach Cypress test runner from a page?

I'm trying to use Cypress with a site that redirects users to a third-party site for authentication. Once a user logs in, they're automatically redirected back to the site we control. From what I've read, Cypress doesn't support this particular setup.
Authentication at the third-party site can happen through a popup as well. And I can make Cypress open that popup.
Is there a way I can detach the Cypress test runner from the log-in popup so that it's no longer under control by Cypress? If so, how is this done? I would like to do this so that I can automate the log-in with something else (namely, Puppeteer) and then run the actual tests in the base page in the Cypress iframe.
Since you can assume the AUT is accepting a request from the 3rd party at some point in time, there should be a solution where you fire that API request with cy.request in the same manner as the UI.
You'll likely have to store environment variables, or some other auth security for the key, but if you do that, the login flow can be replicated by Cypress without having to use their 3rd party code, which you won't be able to access with Cypress if it's an iframe or other common 3rd party auth UI setup.

Working with cypress redirect

Situation:
I am writing test automation for a website. There comes a point where there is a link button on my website. Clicking this I am redirected to an external website. There I have to log in and as soon as I do that I am redirected to my original web-page which contains some 'connections' that I need.
Problem:
As soon as Cypress clicks on the redirection button it goes into a blank page.
Ideal solution:
I would want to automate the entire scenario. If not, then at least a workaround.
As suggested in the Cypress Docs, you should really be using cy.request() to log in. You don't control a 3rd party site, and that makes your test very flaky.
For example, a lot of login pages are constantly changing and are A/B tested for the purpose of preventing a bot from logging in, including testing bots. The data:, URL is probably the result of an HTTP redirect.
Thankfully, using cy.request() you can 'fake' logging in by making a request to the server through code (which doesn't change as much) and you will never have to leave your app to log in.
Here's a recipe for Single Sign-On for example.
Hope that makes sense!
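
A sketch of the cy.request() login described in this answer, with the credentials taken from environment variables as the earlier answer about cy.request suggests. This is an added example, not code from either answer or from the Cypress docs. The `/api/login` endpoint, the `{ token }` response shape, the `auth_token` localStorage key and the env names are assumptions.

```javascript
// Added example. Hypothetical: POST /api/login on our own backend returns
// { token }, and the app reads that token from localStorage key "auth_token".

// Build cy.request() options from env values so no credential lives in the spec.
function buildLoginRequest(env) {
  const missing = ['TEST_USER', 'TEST_PASSWORD'].filter((k) => !env[k]);
  if (missing.length) throw new Error(`missing env: ${missing.join(', ')}`);
  return {
    method: 'POST',
    url: '/api/login',
    body: { username: env.TEST_USER, password: env.TEST_PASSWORD },
    failOnStatusCode: false, // check the status ourselves for a clearer failure
    log: false,              // keep the request out of the Cypress command log
  };
}

// Pull the session token out of the response, failing loudly on anything else.
function tokenFromResponse(resp) {
  if (resp.status !== 200) throw new Error(`login failed with HTTP ${resp.status}`);
  const token = resp.body && resp.body.token;
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('no token in login response');
  }
  return token;
}

// Custom command: only registered when the file runs inside the Cypress runner.
if (typeof Cypress !== 'undefined') {
  Cypress.Commands.add('loginByApi', () => {
    const env = {
      TEST_USER: Cypress.env('TEST_USER'),
      TEST_PASSWORD: Cypress.env('TEST_PASSWORD'),
    };
    cy.request(buildLoginRequest(env)).then((resp) => {
      const token = tokenFromResponse(resp);
      // Seed the session before the app's own scripts run, then load the app.
      cy.visit('/', { onBeforeLoad: (win) => win.localStorage.setItem('auth_token', token) });
    });
  });
}
```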

robot framework test user role single sign-on

I'm trying to use Robot Framework as UI test tooling for a website we use internally.
To test different user roles I open the browser with basic authentication (http://user:ww@url). Unfortunately this method is removed from Chrome and chromedriver (http://www.chromestatus.com/feature/5669008342777856) (for the test I use PhantomJS).
Because of this issue subresource requests are blocked. See image attached.
Because of this issue also js files are blocked and therefore my UI tests don't work properly.
Does anybody have an idea on how to solve this or another way of testing?
This issue is being encountered by all browser automation frameworks. This SO answer describes a two-step approach:
Go to the url with http://user:pass@hostname.ext
Go to the url with http://hostname.ext
The username and password are cached and subsequent visits will reuse them.

Checking a list of logins on dropbox

I have a strange request for a project - we have a text file containing a list of login credentials for Dropbox for around 10 users. I have to validate their credentials automatically and notify the users if login fails with their credentials.
I've looked at the Dropbox API, but that uses OAuth, which requires the user to manually fill in credentials, but that doesn't do the trick for me.
Is there a way for me to check if a bunch of logins? I've looked at the DropboxUpload repository on GitHub, but it works fine for single user logins, but fails to achieve what I want when it comes to checking the same thing for multiple users.
Any help/leads on how I should go about proceeding with this would be greatly appreciated!
Many thanks,
John
You can use the Dropbox web page to check user credentials by doing a normal login/logout, but in an automated way.
To create a "bot" which will log in and log out and check if credentials are correct you can use Selenium.
Selenium is a framework for testing web page UI but it can also be used to create an automated checker/tester/bot for what you need.
It is also possible to set up Selenium in such a way that it will use a renderless browser engine so no browser will be visible during the test/check. This also speeds up the process of testing.
I hope this will help you if you don't find any better way and can be used as a final solution, since it is not the best way to check credentials.

The arguments for and against using an iframe for a single sign-on system

I am currently assessing what are the best options to integrate multiple sites to a single sign-on system. The ambition is to have a unified header with shared assets across the sites. Currently it operates as a separate login page where the user is redirected back to the page they were on before, similar to Google accounts.
There has been a proposal for an iframe or a popup iframe.
The benefits for this appear to be entirely for the user, so the user does not have to leave the page they are on. My concerns with this approach are:
if we make changes to the login page itself we will need to make changes to the iframe which could require a redeployment of all the sites at the same time
the suggestion for a regular iframe is intricate to the design and will create problems across browsers
pop up iframes are problematic on mobile devices
if a user has scripting disabled they will be unable to login
a user may have a pop up blocker in place
Does anyone have any other arguments for or against using iframes for an SSO system? Any critique on the points I have already raised is also greatly appreciated.
Thanks!