I'm trying to use Cypress with a site that redirects users to a third-party site for authentication. Once a user logs in, they're automatically redirected back to the site we control. From what I've read, Cypress doesn't support this particular setup.
Authentication at the third-party site can happen through a popup as well. And I can make Cypress open that popup.
Is there a way I can detach the Cypress test runner from the log-in popup so that it's no longer under control by Cypress? If so, how is this done? I would like to do this so that I can automate the log-in with something else (namely, Puppeteer) and then run the actual tests in the base page in the Cypress iframe.
Since you can assume the AUT is accepting a request from the 3rd party at some point in time, there should be a solution where you fire that api request with cy.request in the same manner as the UI.
You'll likely have to store environment variables, or some other auth security for the key, but if you do that, the login flow can be replicated by Cypress without having to use their 3rd party code; which you won't be able to access with Cypress if it's an iframe or other common 3rd party auth UI setup.
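A sketch of the programmatic login this answer describes, as an added example that is not part of the original answer. The `/auth/callback` endpoint, the `AUTH_USER` / `AUTH_SECRET` env var names, the `{ token }` response shape, the `session` cookie and the `loginByApi` command name are all hypothetical, and `baseUrl` is assumed to be set in the Cypress config.

```javascript
// Added example. Endpoint, env var names, response shape and cookie name
// are assumptions; replace them with whatever your AUT actually accepts.

// Build the options object for cy.request from Cypress env vars, so the
// secret lives outside the repository (cypress.env.json, CYPRESS_* vars).
function buildLoginRequest(env, baseUrl) {
  const missing = ['AUTH_USER', 'AUTH_SECRET'].filter((key) => !env[key]);
  if (missing.length > 0) {
    // Fail loudly instead of sending a request with an empty credential.
    throw new Error(`missing Cypress env vars: ${missing.join(', ')}`);
  }
  return {
    method: 'POST',
    url: new URL('/auth/callback', baseUrl).toString(),
    body: { username: env.AUTH_USER, secret: env.AUTH_SECRET },
    log: false, // keep the request, and the secret in it, out of the Command Log
  };
}

// Pull the session token out of the response, rejecting anything unexpected.
function tokenFromResponse(response) {
  const token = response.body ? response.body.token : undefined;
  if (response.status !== 200 || typeof token !== 'string' || token === '') {
    throw new Error(`login failed with status ${response.status}`);
  }
  return token;
}

// Register the custom command only when running inside Cypress.
if (typeof Cypress !== 'undefined') {
  Cypress.Commands.add('loginByApi', () => {
    const request = buildLoginRequest(Cypress.env(), Cypress.config('baseUrl'));
    return cy.request(request).then((response) => {
      cy.setCookie('session', tokenFromResponse(response));
    });
  });
}
```

Calling `cy.loginByApi()` in a `beforeEach` hook then starts each test already authenticated, without loading the third-party login UI.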
Our team have been using Cypress as part of our E2E UI tests, however, we are running into some roadblocks where we can't write tests to cover some scenarios because the flow goes through a third party site.
We have several examples of this throughout our application:
Our signup flow actually goes through a slightly different domain (it's still our app, just a slightly different domain), but because Cypress doesn't allow us to navigate to third party sites, the tests stop.
We have several integrations that require the user to log in through the third party site, and on success, they will be redirected back into our application. (We can do this through oauth... and as suggested by Cypress that would be the recommended way, but I feel that in doing so, it wouldn't exactly cover what we want to test, as we want to go through the steps of clicking the activate button, logging in, and being redirected back.)
I was wondering if anyone has run into a similar issue and has found a solution or perhaps another alternative? While I agree that we should not be testing third party sites, what would be the option for our scenario?
We have tried setting chromeWebSecurity: false, however I believe this only works for Chrome...?
Thank you in advance!
It depends on what is required to cross the two domains, for example a token can be saved.
The trick would be to visit different domains in different tests. In the oauth example, test1 clicks the button and you confirm the navigation to the 3rd party site.
Test2 then retrieves the token and proceeds to test the local app as if it had been redirected from oauth.
I'm pretty sure it's covered in a Cypress recipe somewhere, will try to find it.
I'm currently doing E2E testing using testcafe on an electron-vue application. In my authentication phase, I connect to another external application: enter username and password to authenticate. The problem is that I cannot apply test case on the external browser nor recuperate inputs from the external browser. Any suggestions? (The external page is triggered via a Vue component button using open method.)
At the moment, TestCafe can run a test in a single browser window only. Take a look at the Mocking HTTP Requests functionality. By using it, you can mock requests to and responses from the external application to avoid an external browser window opening.
I'm trying to use robot framework as UI test tooling for a website we use internally.
To test different user roles I open the browser with basic authentication (http://user:ww@url). Unfortunately this method is removed from chrome and chromedriver (http://www.chromestatus.com/feature/5669008342777856) (for the test I use PhantomJS).
Because of this issue subresource requests are blocked. See image attached.
Because of this issue also js files are blocked and therefore my UI tests don't work properly.
Does anybody have an idea on how to solve this or another way of testing?
This issue is being encountered by all browser automation frameworks. This SO answer describes an approach to take a two step approach:
Go to the url with http://user:pass@hostname.ext
Go to the url with http://hostname.ext
The username and password are cached and subsequent visits will reuse it.
I'm creating an app in Ionic 2, which consumes a web API from an existing site. To use this API I have to authenticate in it in the following way (similar to Facebook login):
I call the API login page in an InAppBrowser component, sending the proper keys and a return URL.
The user types the login and password in the form displayed, the API will validate it and authenticate it.
The API calls the return URL passing the authorization token.
I 'hijack' this redirect to the return url in the InAppBrowser 'loadstart' event, and extract and store the authorization token.
In the following calls to the API, I send the authorization token in the header.
This is all working fine in the emulator, but it doesn't work in the browser (with ionic serve), because when I call InAppBrowser it actually calls window.open, and the events don't work. I can't detect the redirect action made in the opened window.
I'd like to make this work in the browser since it's better to debug the application there. My first thought was to send "http://localhost:8001" as the return url, but I couldn't find a way to catch the token parameter in the ionic application.
Does anyone know how I can catch this parameter or any other way to make this login work in the browser? It is for development and debug purposes only, so strict security is not an issue (I can comment out any unsecure code in the production version).
Edit: Hayden Braxton's answer didn't solve my problem, but since it was because of something exclusive to my app, and it could really help someone who wants to make plugins work, I'll keep it as the selected answer.
Besides that, I'll share the solution I found to my problem in case it could help anyone. It was simple, actually:
I pass "http://localhost:8001" as the api return_uri parameter
the api will, after checking the login and password, redirect to http://localhost:8001?token=MY_AUTH_TOKEN.
This will reload the application and call login page again.
In the login page I call this.platform.getQueryParam("token"); to get the token.
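A token returned in the query string stays in the address bar, browser history and any copied URL. The following added example (not part of the original post) reads the `token` parameter from the post's `http://localhost:8001` return URL, accepts it only on that development origin, and removes it from the visible URL. The function name, the `authToken` storage key and the token character set are assumptions.

```javascript
// Added example. DEV_ORIGIN is the return URL from the post; the storage
// key and the accepted token alphabet are assumptions for illustration.
const DEV_ORIGIN = 'http://localhost:8001';

// Returns the token (or null) plus the same URL with the token removed.
function consumeReturnToken(href, allowedOrigin = DEV_ORIGIN) {
  const url = new URL(href);
  // Only honour the parameter on the development origin, so this code
  // path is inert if it is ever shipped in a production build.
  if (url.origin !== allowedOrigin) {
    return { token: null, cleanHref: href };
  }
  const values = url.searchParams.getAll('token');
  // Reject duplicated parameters and anything outside the expected alphabet.
  const valid = values.length === 1 && /^[\w.~-]{1,512}$/.test(values[0]);
  url.searchParams.delete('token');
  return { token: valid ? values[0] : null, cleanHref: url.toString() };
}

// Browser-only part: store the token, then rewrite the address bar so the
// token does not linger in history or leak through a shared link.
if (typeof window !== 'undefined') {
  const { token, cleanHref } = consumeReturnToken(window.location.href);
  if (token) {
    window.sessionStorage.setItem('authToken', token);
  }
  window.history.replaceState(null, '', cleanHref);
}
```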
Add
"browser": "ionic-app-scripts serve --iscordovaserve --sourceMap source-map --wwwDir platforms/browser/www/ --buildDir platforms/browser/www/build",
to the script section of your package.json. Then instead of doing ionic serve, instead run
npm run browser
We use ionic2 to develop our apps where I work, and this is what we figured out after some research.
Before using this, you need to have the browser platform added. You can accomplish this with the following:
ionic add platform browser
If the browser platform is already added, delete the browser directory from your platforms directory and then run the add platform command, just to be on the safe side.
I'm trying to develop a rally app using the app builder. When I load App-debug.html in my browser, I am prompted to enter my user credentials in the form provided. I enter them, but the form re-appears over and over again.
I did notice that the login attempts to authenticate via https://rally1.rallydev.com:443. If I go to this in another window and enter my account details I am able to get in. However, when I do log in, there is a corporate redirect that takes place (for SSO) and I ultimately end up on us1.rallydev.com.
How would I get my app to authenticate through us1.rallydev.com? Changing urls in App.js and config.json only causes errors when trying to load javascript for APIs.
The app should always just piggyback on your existing session. Changing the server in config.json and re-running rab build should cause all traffic to go to that server - if that's not happening then that's a bug.
You won't be able to authenticate from scratch using SSO from an app, but it should have no problem re-using an existing session.
Another option is to use an API Key to develop: https://help.rallydev.com/apps/2.0/doc/#!/guide/embedding_apps