I am at a crossroad where I have the "solution" but I am not sure it's the best approach.
Part of my application is oAuth login and I want to test that too (Acceptance).
I have bogus accounts for my oAuth providers that I'll be using to log in. The problem is cookies.
I am using Phantomjs. Even if I use clear_cookies: true on my yml file I have this problem where my test cannot login because Google remembers me.
The test is quite simple:
    public function login_with_oauth(AcceptanceTester $I)
    {
        $I->amOnPage('/auth/logout');
        $I->amOnPage('/');
        $I->click(['id' => 'login']);
        $I->click(['id' => 'btn_login_google']);
        #$I->fillField(['id' => 'Email'], $this->login);
        $I->fillField(['id' => 'Passwd'], $this->password);
        $I->click(['id' => 'signIn']);
        $I->waitForText($this->name);
        $I->seeInCurrentUrl('/home');
    }
The first time it works; the second time it does not, because Google remembers the logged-in user, so it doesn't show the login and password boxes anymore.
If I hit the google logout url (accounts.google.com/logout) it logs the user out, but the next time I try to login it will remember my EMAIL (thus not my password), the email field will be greyed out (disabled) so Codeception can't fill it and goes bananas.
Even if clear_cookies: true worked I would run into a problem where, for all my other test Cests that share the same Session, I would have to login _before(), which would add about 20% more time to run the tests.
The solution I've come up with is to simply restart phantom before each test. Since phantom is managed by supervisord, it is as easy as having an alias in my ~/.bashrc, like so:

    alias codecept='supervisorctl stop phantomjs && supervisorctl start phantomjs && vendor/bin/codecept'

That way I can keep my cookies between each test and I can make sure my oAuth providers' cookies are also cleared.
I also tried restarting phantom from within php on the __construct of the oAuth cest but that makes Codecept throw some weird errors.
Any ideas?
Thanks and best regards.
I am failing to correctly log in through the UI with the testing framework TestCafe. Our company uses FusionAuth for authentication, which lives on a separate domain from the application I am looking to test. At the moment I'm just trying to develop a Proof of Concept with logging in through the UI.
Currently, the cookie that I often see get set when logging in normally through my browser does not get set when going through TestCafe. Thus when you return to the application it does not know that you are authenticated.
It seems that the passing of cookies / local storage from the IDP login page back to the Application in test does not happen.
I've tried using Roles with preserveUrl set to true.

    const testUser = Role('{domainURL}/login', async t => {
        const username = 'username'; // Not real values
        const password = 'passwword';
        await t
            .typeText('#loginId', username)
            .typeText('#password', password)
            .click('.submit');
    }, { preserveUrl: true });

    test
        .disablePageCaching('Login to Test Users Account', async t => {
            await t.useRole(testUser);
        });

I've also tried just using selectors and putting in the credentials manually in the UI. Neither has worked so far for me.
I was curious if:
I am approaching this wrong?
What is the best approach for Black box End-2-End Testing with testcafe when dealing with login?
I know this is probably not the best place, but I wasn't sure how else to contact TestCafe support.
In general, TestCafe Roles is the recommended approach for dealing with logging. There can be some FusionAuth specifics that do not work correctly with TestCafe. If you want our TestCafe team to research this issue, you can create an issue in our github repository using the following link: https://github.com/DevExpress/testcafe/issues/new?assignees=&labels=&template=bug-report.md
Please note that we will need an example that demonstrates the issue. If you cannot share your project/login/password publicly, you can send it to support#devexpress.com.
This was turned into a github Issue ticket that can be found here. Going to close this Question for now.
Authenticate user by link (Laravel 5.3)
I'm trying to authenticate user when he follows a special link.
I find the user by the link parameters and authenticate him like this
    Auth::loginUsingId($client->id);
After that Auth::user() returns the user I needed, that's all fine.
But when I try to access the user's profile page it redirects me to /login.
If I log in in browser using the same user's credentials I can see the profile page.
Seems that it doesn't save info to session.
What have I missed?
I have seen that if you output anything before Auth::attempt() (same as loginUsingId) it does not work. Make sure you have no echo statements, dd, print, or anything else before or after you attempt the login. But, this should work for you:
Say, for this example that your URL is somedomain.com/autoLogin?userid=1
    public function autoLogin(Request $request){
        $id = $request->userid;
        $user = Account::find($id);
        Auth::login($user);
    }
This will persist the session.
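An added example, not part of the original answer or of Laravel: a bare `userid` in the URL identifies the account but proves nothing about who built the link, so a login link is normally bound to the user with an HMAC signature and an expiry, and the controller calls `Auth::login()` only when verification returns an id. The names `LINK_KEY`, `makeLoginLink` and `verifyLoginLink` and the `expires`/`sig` parameters are assumptions made for this sketch.

```php
<?php
// Added example. LINK_KEY, makeLoginLink and verifyLoginLink are hypothetical names.
// Assumption: LINK_KEY is a random server-side secret loaded from configuration.
const LINK_KEY = 'constructed-demo-key-not-for-production';

// Build /autoLogin?userid=..&expires=..&sig=.. valid for $ttl seconds.
function makeLoginLink($userId, $ttl, $now)
{
    $params = ['userid' => (int) $userId, 'expires' => $now + $ttl];
    $params['sig'] = hash_hmac('sha256', http_build_query($params), LINK_KEY);
    return '/autoLogin?' . http_build_query($params);
}

// Return the user id if the link is authentic and unexpired, otherwise null.
function verifyLoginLink($url, $now)
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    foreach (['userid', 'expires', 'sig'] as $key) {
        if (!isset($q[$key]) || !is_string($q[$key])) {
            return null; // missing or array-valued parameter
        }
    }
    if (!ctype_digit($q['userid']) || !ctype_digit($q['expires'])) {
        return null;
    }
    // Recompute the MAC over exactly the fields that were signed.
    $signed = http_build_query([
        'userid'  => (int) $q['userid'],
        'expires' => (int) $q['expires'],
    ]);
    if (!hash_equals(hash_hmac('sha256', $signed, LINK_KEY), $q['sig'])) {
        return null; // hash_equals compares in constant time
    }
    return ((int) $q['expires'] >= $now) ? (int) $q['userid'] : null;
}

// Constructed sample run: a valid link, a tampered userid, and an expired link.
$now  = 1700000000;
$link = makeLoginLink(1, 900, $now);
var_dump(verifyLoginLink($link, $now + 60));
var_dump(verifyLoginLink(str_replace('userid=1&', 'userid=2&', $link), $now + 60));
var_dump(verifyLoginLink($link, $now + 901));
```

A link signed this way can still be replayed until it expires; making it single-use requires a server-side record of links that have already been redeemed.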
I am following the link below to test the smart apps toolkit,
https://www.cumulocity.com/guides/web/smart-toolkit/
I can reach the "5. Create login screen" and see the login page with GRUNT SERVER running in the background. However, I have no luck to login with my account. I got my trial account from telstra-iot.com and my homepage is m2mone.telstra-iot.com.
I change the "demos.cumulocity.com" in hello-core-api/js/app.js to "www.telstra-iot.com" and still no luck.
I put in tenant: m2mone, user name: admin, password: xxxxxx. Did I miss anything?
You need to use https://m2mone.telstra-iot.com/ as baseUrl:
    c8yCumulocityProvider.setBaseUrl('https://m2mone.telstra-iot.com/');
You can also set tenant there so you don't need to fill tenant in login page:
    c8yCumulocityProvider.setTenant('m2mone');
Now you can leave tenant field empty in login page and if you want, you can remove the tenant field from login page altogether.
By default the grunt server task leads to developer.cumulocity.com which will not work for you because you are on a different installation (telstra-iot).
You can define the host when executing the grunt task
    grunt server --host=m2mone.telstra-iot.com

I need to ask the user for a password each time he uses Google OAuth.
There was an option I have used "max_auth_age", but it stops working.
Is there any replacement for this option? If not, could you please suggest where I can submit something like a "feature request" to Google to restore this feature?
Thanks.
UPD
I have read the possible duplicate topic and tried to use max_age instead of max_auth_age. It did not help.
P.S. I know that the main idea of OAuth2 is not to use any password prompts, but it's a customer requirement. He is afraid that a person who is not allowed to use the system can have access on a shared computer if someone forgot to log out from Gmail.
Aside from BCM and ehsan s' concerns, it is possible to revoke access to your application AND ask for a password on subsequent login attempts.
Following is a NodeJS example with googleapis, but is simple enough to work for all applications:
    const google = require('googleapis').google;

    const oauth2Client = new google.auth.OAuth2(
        'client_id',
        'client_secret',
        'redirect_uri'
    );

    // Sign-in code (omitted) here

    async function signOut() {
        return await oauth2Client.request({
            url: 'https://accounts.google.com/Logout',
            method: 'GET'
        });
    }
Unlike oauth2Client.revokeCredentials, requesting https://accounts.google.com/Logout will make google ask for password on subsequent sign-in attempts.
Bear in mind that this request will sign the user out of all Google services on the client.
This won't affect other clients on the device however - i.e. sign-out of the NodeJS app will not cause the user to be logged out of Gmail in a Chrome browser running on the same machine and under the same user.
Hope this helps :)
On my computer, can I login to my web app, grab the cookie values, and have my selenium script use it to test the web app without having to login?
Is it also possible to modify the cookie expiration after logging in on my computer so that the cookie won't expire when the selenium tests are running?
Is it possible to avoid having to write additional selenium logic to use the login form? If not, does it raise a cookie expired exception so that I know I need to re-login?
What about testing cookieless session webapps like Meteor.js?
Using .NET I know you can set the cookies, or at least retrieve them. Try placing your cookies there.
    // Cookies is a read-only cookie jar, so add each cookie to it with AddCookie
    driver.Manage().Cookies.AddCookie(Your_Cookie_Object_Here);