I'm using Playwright to automate things on a website that I am using Fido2 u2f. I can't run it in headless mode as I need to be ready to touch my u2f when it's prompted. This is very annoying.
Is there a way to accept the u2f without me having to click it? Via code.
Thank you.
You can use the virtual authenticators API defined in the WebAuthn spec to programmatically set up automatic responses to WebAuthn in your automated testing pipeline .
The endpoints defined in there are REST requests you make in the browser, so as long as PlayWright gives you a mechanism for executing JS in the headless browser you're testing with then you should be able to set up a software authenticator to respond to WebAuthn API invocations without any interaction on your part.
Related
I need to automate my web application functionality using rest assured.
Means there are no endpoints to verify the functionality of login module on the homepage and I need to automate same login Page functionality using Rest Assured.
Please, anyone, tell me to know the solution of my this query.
Rest-Assured is just a REST testing tool, you can't use it to perform UI functional testing.
You should use one of the tools dedicated to that, like Selenium.
The best way to go is to split your testing in two separate projects.
Backend functional testing with Rest-Assured (Making REST calls).
Frontend functional testing with Selenium (Using Selenium).
The application is using Minitest on Rails 4 with Capybara.
I'd like to write an integration or feature test that stubs a websocket connection (the application uses Faye as a client) to return a specific message (like I'm used to doing with Webmock).
Is this possible? If so, can you provide an example? My research has not turned up any examples.
Your research hasn't shown up any examples because it's not really what you're supposed to be doing in feature tests. Feature tests are supposed to be end-to-end black box tests where you configure the data as required for the app to generate the desired results and then all interaction is done via the browser (no mocking/stubbing which technically alter your apps code). Additionally when connections between the browser and a 3rd party service are involved there is nowhere in your app where you can mock it.
It may be possible to stub a websocket connection from the browser with a programmable proxy like puffing-billy, however it's generally cleaner to produce a small fake version of the 3rd party service for testing purposes (sinatra app, etc) and point the browser at that rather than the original service when you need to craft custom responses. Additionally, there are a lot of fakes already out there, depending on what service you are using (fake-stripe, fake-s3, etc), which may provide the functionality you're looking for.
We were trying to create a mobile HTML5 web app. We call a service hosted in domain xyz.com using javascript and we run into the same-domain origin policy issue. We have to use CORS to make the cross domain requests. But if I make the same request using a native iOS app, it works fine even without the access-control headers that are needed for CORS.
This may seem like a noob question, but why does same origin policy only apply when making calls using javascript for web apps and not for native apps?
It's completely arbitrary to be honest but there is some thought behind the policy. In Javascript land you are much less in direct control of what's being executed and from where.. take a look at this page alone and you'll see several different server sources.. and so the same origin policy was implemented in order to minimise the risk of running arbitrary, untrusted code from third parties within your browser.
In native land you have more control and must actively choose to instantiate a JS context and run whatever you've received.. so it seems reasonable to suspend the same origin requirement in that case.
My Load Generator needs to authenticate on the proxy so it can hit the target. Is there a way to do this without access to anything other than the performance center frontend?
Thanks
Can Rails integration tests hit another server for OpenId authentication?
When my Rails application, running on http://localhost:3000/, redirects to http://localhost:1123/server for OpenId authentication, Rails fake browser actually goes to http://localhost:3000/server. It seems like the fake browser used in the integration tests is ignoring the hostname and port, and just picking up the directory part of the path.
Any ideas how to allow that redirect to arrive at a separate server?
The 'fake browser' indeed only accesses the Rails application, and nothing from without. Which is good, because your tests would fail if you OpenID server is down.
The best solution is to use the 'fakeweb' gem. This allows you to emulate a remote response and test your applications behaviour accordingly.