How to retrieve session from a previous test and inject session variables as a part of url path - codeception

I'm trying to write acceptance tests with codeception.
I made a first acceptance test that loads a page with a comparison of products.
I save session snapshot with $I->saveSessionSnapshot('Comparison');
In a second test, I want to continue from this page Comparison.
In the beginning of this second test, I wrote:
$I->loadSessionSnapshot('Comparison');
But, after that, I need to write:
$I->amOnPage('/comparison/{userToken}');
The user token is in the session, in a variable userToken that I would like to inject in my url.
How can I do that?

You can't do that.
Session snapshot doesn't mean snapshot of server side session, it is a snapshot of browser session and it actually stores all cookies.
If it was a functional test, you could implement some way to directly access session storage based on session id, but in acceptance test you have no direct access to server side code or storage.
It would be better to modify your application code to read userToken from session when it isn't specified in the URL, then you could use $I->amOnPage('/comparison/'); in the test.

Related

Is there a way to clear graphql-rate-limit default in-memory stored contexts?

I am writing a GraphQL API using apollo-server-express.
I implemented a rate limit for a login query using graphql-rate-limit directive approach. I use client IP to identify the context, using default InMemoryStore provided by package. window value is 60s and max value is 10. The rate limit implementation is working as expected.
But I wrote security e2e tests using Mocha, Chai, and graphql-request, and the rate limit (as expected) always makes them go wrong. It happens because I need to execute login queries to get a token before every set of tests. But even if I just set a valid token without a request to the API, it probably will return an error.
In other tests, I just disable the rate limit. But in the case of security it does not make sense.
Is there a way to clear stored contexts, in order to avoid the issue? For example, create a mutation for this purpose, or pass a value in headers (both just enabled in development/test environment).

Optimizing Selenium tests by bypassing UI

Is there a way to bypass UI for those actions which need to be performed before and (or) after the test? Is it possible to send simple GET or POST requests to the same test session instead of writing the script in the test?
For example, I want to write a test which checks if the record can be deleted. To do that, first of all I need to create the record. It doesn't seem to be a good choice to do it through the UI since it is not part of the test itself.
It really depends on the application under test. You probably don't want to go making SQL calls to your database to create these records, unless you really know what you're doing. Even then, it will make your test automation break when that record changes.
Perhaps your application under test provides an API which will allow you to create a target record. That would be ideal, allowing you to make an API request then all you have to do in the UI is navigate to where the "user" would delete it.
You can do pretty much everything by executing some JavaScript in the page.
Here is an example that sends an HTTP request with a JavaScript call:
from selenium import webdriver
driver = webdriver.Firefox()
driver.get("https://www.google.com")
driver.execute_script("""
var r = new XMLHttpRequest();
r.open('POST', '/search', 0);
r.setRequestHeader('Content-type','application/x-www-form-urlencoded');
r.send('q=bill+material&output=xml&client=test&site=operations&access=p');
return r.responseText;
""")
While it may be tempting to set up a test this way, I wouldn't recommend it since it will create new dependencies on the UI, increase the complexity and therefore increase the cost of maintenance of the tests.
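The API route suggested above can run in the same logged-in session without scripting the page. This added example (not from the original answers) builds an HTTP request from the cookie list that Selenium's `driver.get_cookies()` returns, applying the same domain, path and Secure scoping a browser would; the host `app.example.test`, the `/api/records` endpoint and the cookie values are constructed assumptions.

```python
import urllib.parse
import urllib.request

# Constructed sample in the shape returned by driver.get_cookies().
SAMPLE_COOKIES = [
    {"name": "SESSIONID", "value": "abc123", "domain": "app.example.test",
     "path": "/", "secure": True, "httpOnly": True},
    {"name": "tracker", "value": "zzz", "domain": ".other.example",
     "path": "/", "secure": False},
    {"name": "admin_pref", "value": "1", "domain": "app.example.test",
     "path": "/admin", "secure": True},
]

def _path_matches(request_path, cookie_path):
    """Path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookie_header(cookies, url):
    """Return the Cookie header value a browser would send to url."""
    parts = urllib.parse.urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    pairs = []
    for c in cookies:
        # Simplification: host-only cookies are also matched by suffix.
        domain = c.get("domain", host).lstrip(".")
        if host != domain and not host.endswith("." + domain):
            continue  # cookie belongs to another site
        if not _path_matches(path, c.get("path", "/")):
            continue  # cookie is scoped to a different path
        if c.get("secure") and parts.scheme != "https":
            continue  # never replay a Secure cookie over plain HTTP
        pairs.append(f"{c['name']}={c['value']}")
    return "; ".join(pairs)

def session_request(url, cookies, form=None):
    """Build (but do not send) a request that carries the browser session."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data)
    header = cookie_header(cookies, url)
    if header:
        req.add_header("Cookie", header)
    return req

if __name__ == "__main__":
    req = session_request("https://app.example.test/api/records",
                          SAMPLE_COOKIES, {"name": "record-to-delete"})
    print(req.get_method(), req.full_url, req.get_header("Cookie"))
```

In a real test the list comes from `driver.get_cookies()` after login and the request is sent with `urllib.request.urlopen(req)`; any CSRF token the application requires still has to be supplied separately.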

J-Meter gives false results

I'm trying to learn J-Meter.
When I'm running a sample script of logging into a site using both valid/invalid credentials, it doesn't stop thread execution when an invalid login credential is used, and the login is also not recorded in the database.
Does it actually log in to the website, or does it only create a virtual login to create a similar environment? Is there any way to achieve this using Samplers?
JMeter is/acts as a headless browser.
Whatever your browser with a UI does, JMeter can also do, except executing JavaScript. So, if you had recorded your script correctly, JMeter can log in to the actual application as well.
JMeter is not like QTP/Selenium. It does not know whether a credential is valid or invalid. It passes/fails the request based on the HTTP codes. If the HTML response from the server comes with a 200 HTTP code, it passed for JMeter. If the server responds with code 500, JMeter fails the request. But JMeter also provides a way to validate the response you get: Assertion. You can use a Response Assertion to see whether you are seeing the home page or not, to confirm that the user has logged in successfully.
To stop the test on error, select the appropriate option here in thread Group properties.
JMeter is a very nice tool and I have been using it for 2 years with no issues.
Good luck!
Does your script have Config Element -> HTTP Cookie Manager? It needs cookie for the login function.
If your script has many transactions at the same level as the login transaction and the option you select in your Thread Group is Continue, all transactions will be executed no matter whether the login transaction passed or failed.
In case you want the other transactions not to be executed if login fails, add a Regular Expression Extractor as a child of the login transaction to retrieve the text Dashboard, and put the other transactions into a Logic Controller -> If Controller. Suppose the Regular Expression Extractor has the name Dashboard and its Default value is NotFound; then the Condition of the If Controller will be "${Dashboard}"!="NotFound"
JMeter automatically treats 2xx and 3xx HTTP Response Codes as successful, so it won't be able to detect a failed login unless you explicitly tell it to check for the presence or absence of some specific content in the response data.
So if you add a Response Assertion you will be able to conditionally fail the sampler and choose what to do in case of failure via "Action to be taken after a Sampler error" on the Thread Group level.
See How to Use JMeter Assertions in Three Easy Steps guide for more details on the assertions domain.
If you're unsure what a JMeter Sampler is doing, you can check request and response details via the View Results Tree listener. If you cannot simulate the login event, in the majority of cases it is due to a missing HTTP Cookie Manager and/or failed correlation of dynamic mandatory parameter(s) like Viewstate, CSRF token, etc.

Handling dynamic http requests instead of hardcoded http requests in Jmeter

I'm creating a 50 users load test on a JSF web application.
I record a scenario using JMeter proxy for one user who logs in, does some db operations and logs out. After recording the scenario, the recorded test contains http requests and data that particularly belongs to the user used while scenario recording.
At the time of running the test for 50 unique virtual users, the recorded test sends http requests and data which was in the recorded scenario. But in our application, the http requests and data vary depending upon the user. So how do I handle such situations in JMeter when it comes to methods being called depending upon the existence or non-existence of data for a user after logging in?
To be precise how would I make changes in my Test plan to manage dynamic urls and dynamic data for each virtual user?
Latest versions of JMeter allow you to write the whole parameters (raw data) from scratch, so you could use variables in this field.
To achieve dynamic URLs, use a Regular Expression Extractor (Post-Processor) on a prior request that defines what request will be sent, and use the variable in the HTTP Request's path field.
If you know what request each type of users will send you could use If Controllers and test a thread variable, created by a previous Regular Expression Extractor, and inside each controller add the specific request.
If the subsequent request for each user is defined by the server, using redirection, just check "Follow Redirection" field.
See JMeter Wiki for more examples on how to do this.

Securely storing variables without session in zope

I want to store values in variables to access from another page (a.k.a. state management).
Now I cannot use sessions since I have multiple Zope instances, and if one fails the user needs to be redirected to another Zope instance, and one session is valid only for one Zope instance.
Now my remaining options are
submit a Hidden input tag using POST method
Passing through URL with GET method
Using cookies
Using Database (which I think is 'making simple things complex'.)
I am not even considering the first 2 methods and I think using cookies is not secure.
So is there a commercial or open source module that can securely (encryption etc.) do cookie management?
If not I will have to use a database.
Please inform me, if I am missing something.
Version - Zope 2.11.1
The SESSION support built-in to Zope 2 actually keeps the session in a temporary partition of the ZODB so I think it actually is valid for multiple Zope clients connecting to the same ZEO server. The cost of this is that all session changes invoke the transaction machinery and result in a commit, so just make sure you're not using the SESSION in something very low-level like PAS auth or you'll have commits hitting your ZODB for every image, CSS file, and JS file.
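For the cookie option raised in the question, this added example (not from the original posts and not a Zope API) shows state carried in a cookie that any instance holding the same secret can verify, so a modified or expired value is rejected. It assumes a secret key shared by all instances and uses an HMAC, which protects integrity only: the client can still read the value, so nothing confidential belongs in it.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment loads a random secret shared by all instances.
SECRET = b"demo-secret-shared-by-all-instances"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(body, secret):
    return _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())

def pack_state(state, secret, now=None):
    """Serialise state with an issue time and append an HMAC-SHA256 tag."""
    issued = int(now if now is not None else time.time())
    body = _b64(json.dumps({"iat": issued, "state": state}).encode())
    return body + "." + _tag(body, secret)

def unpack_state(cookie, secret, max_age=1800, now=None):
    """Return the state, or None if the cookie is malformed, forged or expired."""
    try:
        body, tag = cookie.split(".")
        # Constant-time comparison; verify before parsing any client data.
        if not hmac.compare_digest(tag, _tag(body, secret)):
            return None
        payload = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    age = (now if now is not None else time.time()) - payload["iat"]
    if age < 0 or age > max_age:
        return None
    return payload["state"]

if __name__ == "__main__":
    cookie = pack_state({"step": 2, "cart": [17, 42]}, SECRET)
    print(cookie)
    print(unpack_state(cookie, SECRET))
```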