We need to login to 20 - 30 different web applications and enter credentials to keep user active throughout the day. This needs to happen in the background on user's machine without user being interrupted. What technology do we use here to achieve this?
We thought of using an RPA but this is intrusive and causes user interruption. User will be locked out of using their machine while RPA is running.
We expect this automated code to login to multiple web application one at a time or in a parallel thread (no preference) throughout the day on a schedule or user can kick this off. This automated solution needs to be able to hold user credentials and keep user free from entering their credentials.
Can we use C#, vbscript, java or any other software development tool to achieve this type of effort?
We'd like to keep this in-house to keep cost low.
Related
I am doing load tests to a apply option of career fair section. But I have only one user's login informations and I want to do apply tests more than one time with same user. For example when I create 10 users with Thread Group, the http request for apply is going to be fall 9 times. I think that's why we use only one user and the apply button is going to be applied button and not clickable. How can I do this test?
There is one golden rule: 1 virtual user == 1 real user with all its stuff like credentials, permissions, business actions, cookies, cache, etc. See How to make JMeter behave more like a real browser article for more details.
So ideally you need to have as many credentials as threads (virtual users) you set in JMeter's Thread Group
Test need to be repeatable, to wit leave the system in unmodified state so you could re-run the test once again. If the application process is irreversible you need to either cancel the application somewhere in the tearDown Thread Group or modify the database using JDBC Test Elements to restore the system state
If your system doesn't allow multiple logins from one user I don't think you will be able to conduct your test with a single user for multiple sessions.
Let's say I'm testing a web service and I have a couple of scenarios requires user to be authenticated:
Scenario #1: Customer sign-up
Scenario #2: Customer sign-in
Scenario #3: Customer change name
Scenario #4: Customer update image
Should all the tests go through all login steps like:
1) Go to register page
2) Enter new user information
3) Activate account
4) Go to login page
5) Enter login and password
6) Press the Login button
7) Check if I authenticated as a customer
Or I can just test it once and implement endpoint which quickly creates a user and log it in.
So if I have that kind of endpoint that means I can skip retesting the same things all the time and just have short scenarios #3 and #4 implementation. But in this case, I have a less natural environment.
Please tell me about the best practices that you use in real projects.
Few best practices:
use the testing pyramid integration > ui (tests are much slower on UI, automate in the UI only the necessary things to have main flows covered)
for the UI use fast methods for the setup (so yes, web services, test login only once)
if possible keep some test data trough the builds (for example to make sure a new build that might change data structure does not affect basic functionality, e.g. login)
tests should be atomic (not depend on each other)
do some cleanup from time to time to remove duplicate test code and to improve the framework(speed, stability)
You shouldn't copy and paste the "log in" scenario to all of the other scenarios, but having an account and being logged in are prerequisites for the other use cases. From a behavior driven development perspective this will translate to one or more Given steps that simulate or actually perform those steps:
Scenario: Customer change name
# Calls web service or database to create new user
Given "Bob" is a registered user
# Calls web service or database to make account active
And "Bob" has an active account
# Opens browser, navigates to login page, fills out login form and submits it
And the user is logged in as "Bob"
# Steps specific to changing name and asserting it has changed
When the user changes their name to "Samuel"
Then the user's name is "Samuel"
I need some clarification in the testing process, specifically when multiple users (100 Users) login to a web application through JMeter.
I can log in with a single valid user but if there are 100 users and 1 is a valid user and 99 are invalid users, the 99 users cannot log in.
The problem is creating 100 is a difficult process.
Now, is testing login as mentioned above the same as testing with 100 valid users?
If not, is there any better process to test login with multi-users?
There is only one obvious requirement: each JMeter thread (virtual user) should use different credentials, in other words JMeter user must represent real user using real browser as close as possible, otherwise your load testing will not make sense.
So ideally you should have 100 different credentials so each virtual user could use its own username/password combination and have its own session. It particularly matters when your test scenario assumes some business processes, i.e. one user starts workflow, another one approves, third one finishes, etc.
If each load test iteration assumes "clean" system you could consider automating user creation process via setUp Thread Group where you can create the prerequisites (users, content, whatever). Ask around, it might be the case you can create the user using a single REST API or Database call, or it could be possible to import users from LDAP or using a shell command
As a last resort you can use single credentials with multiple JMeter virtual users, however in this case you may run into issues with your application so try avoiding CRUD operations so your test would represent just browsing.
I'm horrible at security so I was curious if you guys had any ideas. I recently wrote an application in Python that I will be selling to select people. The information on the application is private (not incredibly so, I just need a minimal solution). How could I have a user login to the application (from a MySQL database), then have the program check is someone is logged in already under those credentials. Here is a basic flow:
User opens the EXE (cx_freezed python file)
Program asks user for their login (from a MySQL database)
Program checks if someone is already logged in using that info
If someone is logged in, don't let them log in. If someone isn't, log them in.
I have absolutely no idea where to start with this, any suggestions/directions to point me?
Don't be a Dave and roll your own security system. Use an existing one if you can
This shouldn't have anything to do with your database. If you happen to persist session info to the db, that's fine, but your session-management should be in-memory
Basically you should have a list of authenticated users in memory somewhere in application state. if authenticatedSessions.get($username) != null then deny
Concurrent Session Control is a PITA for users. Example: You login just before leaving work, then get in your car, try to login from your mobile, and now you can't. Consider allowing 2 concurrent sessions, or keep the timeout short
Spring Security (Java) has this feature. It's open source so you could "gain inspiration" it: http://docs.spring.io/autorepo/docs/spring-security/current/reference/htmlsingle/#ns-concurrent-sessions
Does anyone have experience using Selenium to automate testing of a webapp that uses Facebook Connect for user login? Any tips or methods that you recommend?
Depends what you want to do?
Will you be using a real-real Facebook User (which is phone verified by Facebook)?
Safest and most reliable ,but very difficult (impossible) to gather "real" users (phone verified by FB).
In terms of defining aspects of the user/connections details, like education history, work history, name, age etc(specially if you do not have access to all the "real" facebook accounts).
Fake facebook users created for testing the app (not verified by Fb)?
Probably the easiest to setup, as all are fake users, no Phone verification(with FB) required.
But email ids for all users would need to be created.
Even though the connection info can be tailored to your liking. One of the main drawbacks(and it has happened to me), is if Fb detects the user is not legit, FB would freeze all accounts. Which would make all your Fb user specific automated tests all useless in the blink of an eye. And there is not much you can do(Unless you plan to get a brand new phone connection to verify those accounts, no google number, no skype, no ip based phones allowed. FB is very strict with that). Also one number can authorize only 1 account.
Will you be using the Facebook APIs to create Fb test users?
Probably the ideal way (according to FB)to use Facebook connect to test your app. click here for documentation on how to use it.
It may seem straight forward, but it has its downfalls(major ones). Very un-relaible, the API returns an error 10-20% of the time, and extremly slow the other times. No way to retrieve the password of a FB test user if misplaced once. Connection info cannot be easily customized. A fair amount of effort required to set it up something without being sure it work each time.
I have personally opted for the second option. Facebook detects the legitimacy of the user (I guess) based on parallel logins across multiple ips. I have selenium RCs running across various servers, which run these tests in parallel, which could have possibly raised a red flag. So i just schedule these scripts in a more organized manner, so as to avoid login overlaps.
I hope in this long explanation you find your answer. :)
For the perl implementation -
$sel->start();
$sel->open_ok("$URL");
$sel->set_speed("500");
$sel->click_ok("//img[\#alt='Facebook']",'User clicks on Facebook Login');
$sel->wait_for_pop_up_ok("", "30000",'Facebook Login Popup Loading');
$sel->select_pop_up("null");
$sel->type_ok("email", "email\#email.com",'User enters Facebook credentials - Username');
$sel->type_ok("pass", "password",'User enters Facebook credentials - Password');
$sel->key_press("pass", "\\13",'User returns Facebook Login credentials');
$sel->select_window("null");