This is my first end to end project and I'm rather confused how to structure my tests in a stateful scenario. Let's take my current as an example. I have four different test specs: sign up, login, recover password and change password. Thing is, some of those features are stateful. Login requires an account and change a password requires an account and requires to be logged in.
Now, this could be done in multiple different ways, my question is, what is the right approach?
Force the specs to be executed in sequence. Possibly sign up > login > change password > logout > recover password;
Change password would repeat the login process (would be repeating a test) and use an existing account for these purposes;
Both recover password and change password would repeat the sign up process (would be repeating a test) and use that account for these purposes.
I have read that tests should not rely on each other so option 1 breaks that rule but at the same time options 2 and 3 repeat previous scenario tests that should not be their concern. What approach is the most correct?
Related
Scenario: Login - Click on Add Button - Enter Details - Click on Save Button
10k user
Do I really need 10k login credentials to perform this task or a single login credential can also work?
Does this make any difference in performance metrics?
We don't know, ask your application developers.
Personally I would go for 10k logic credentials as I do believe that a well-behaved performance test must represent real life usage of the application with 100% accuracy and each thread (virtual user) must represent a real user with all related stuff like:
its own credentials
browser-specific entities like:
cookies
headers
cache
handling of embedded resources
handling of AJAX calls
etc.
user-specific entities like:
distribution of scenarios and workload
think times
etc.
No you cannot use same credentials to test the multiple user login . However you can check the performance of the app via logging in same user multiple times , but if you need to test for multiple users you need to login with different credentials.
Giving you an example for different users there can be different data for example Facebook , for Facebook user is directed to homescreen where he/she sees different posts , but the feeds screen will not be same for all the user , data will be different.
so to check efficiently you need to login with different credentials to check the multi user functionality.
I have a bit of an odd problem that I need an elegant solution to. I am using a build tool that requires logging in to a service (AWS CodeArtifact specifically). When I login via CLI, it sets an environment variable - let's call this TOKEN. When I run any build, it requires presence of TOKEN to authenticate.
Now, after logging in, builds in the same shell work but obviously, builds in new shells (which aren't sub-shells) fail because TOKEN is of course not defined. I'm looking at ways to solve this; ideally a solution that does something like this:
Login shell: after logging in, save TOKEN in ~/.token
All shells: run something every minute which sets TOKEN to the value in ~/.token
I have 2 questions:
Is this the best way - or is there something more elegant?
If so, what's the best way to do (2) above?
The final catch is that this is something I'll be distributing to end users on their machines, so it would be great if its easily scriptable.
Thanks in advance - stay safe!
When question 2 is answered, the solution for question 1 is simple:
Start writing a function that will return the token.
TOKEN=$(get_token)
The first implementation will recalculate a fresh token without any caching or sharing.
How often do you need the token? When you don't build every minute, an extra job (cronjob) refreshing the token every minute is not needed. In such a case you can refresh the token before each api-call by calling the function. You do not need to store or share it.
When you do need the TOKEN very often, you can modify the function. Using a file is straight forward, but you can also use another solution like a server (when you want the token available on remote hosts for users who have been identified with some other token).
How to automate the manual process for getting a new token, is the next challenge.
Can you find a method, where you do not need to enter a password (something like using .aws/config or (better) assigning the right roles to your server)? Or do you need to script the call with expect?
The API call get-authorization-token requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions.
I want to do load test using JMeter. The issue is that I get login after MFA (Multi-factor authentication).
It always shows the result status with no success.
The purpose of MFA is to forbid automation, so in few words, it's impossible.
You should disable it to performance test the underlying application.
I faced several times this problem that can have many faces and solutions.
Basically you get down to:
enter a dynamic PIN, or
enter some serial ID, or
sign some token.
The last two are simple, as you can ask your customer/system owner to give you the data and do the task (e.g. get a set of test certificate to sign the tokens, or a set of test ID).
In case of dynamic PIN, you can ask the system owner to set a range of user with fixed PIN (this require a code modification) or to provide you a library that dynamically generates correct PINs (the same they use to generate the PIN they send via SMS).
The latest is the best solution but requires a very high trust.
Is there any way to login other users account for admin user ?
Currently authentication based on Meteor Accounts
I saw this post but didn't working at all now.
The feature is important for us because when user have problem in system then admin need to see it this by simulating user account.
Thanks in advance.
It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.
afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:
Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.
You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.
The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.
Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.
You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.
Instead of logging in as the users, which requires their password and which is a total no-no, you may use rather alanning:roles and allow the admin to assign the role of any user in order to draw views based the user's role.
This requires a well designed role system.
As a plus you could then at least load the documents associated with the user who you want to support.
This requires a well designed document and data model.
But generally spoken you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.
This will reduce the need to manually view the app as an end user a lot.
The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.
Even if then an error occurs in the end user side, I would rather try to implement a well designed error log that allows users automatically create tickets on error which also include the error stack.
All the above methods are to be favored before logging in AS THE USER.
As #Jankpunkt has already mentioned alanning-roles I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general etc. Then check the authorisation of particular action by checking the value of user.profile.type key.
Caveats: Make sure you are checking the type in server side. By default profile field is writable from the client end, so if you are putting type field in the profile object make sure that you are not allowing users to modify users collection in the client end.
Here is how to restrict client end update in users collection:
Meteor.users.deny({
update() { return true; }
});
Read more on roles and permissions here:
https://guide.meteor.com/accounts.html#roles-and-permissions
I am developing a VB.NET based application which requires administrative privileges in order to run properly. However I went through several tutorials online and it all mentioned how to do this using a mainifest file. The problem with this technique is that whenever the program is opened I need to type in the Administrator password, however I want this to happen automatically. (The user should not type the Admin password, the password must be entered from the code level)
The following code is the closest I could find, but it too does not satisfy my problem,
Dim securePass As New Security.SecureString()
Dim pass As String = "password"
For Each c As Char In pass
securePass.AppendChar(c)
Next
' If there isn't a domain, set the argument to 'Nothing', as demonstrated below.
Process.Start("testsoftware\WinKBSel\WinKBSel1003.exe", "username", pass, Nothing)
Could anyone please let me know how I could do this without requiring the user to enter the administrator password?
You would probably be best splitting the application up, if you had a back-end service that runs under an administrator account your application could use that to do stuff it requires at an elevated privilege. UAC is designed to protect the user from themselves, you can get around it by adding a backend service... but be very careful about opening up holes in this way as they could be exploited by other applications/viruses. Storing an administror password inside an application is always a bad idea as the application could be decompiled and the password extracted.
You cannot create a program that will automatically log on as a user unless the username/password is already known.
That means that you're either restricted to running on systems where your app already knows the credentials, your user has to enter the credentials into your app, or your user has to use the "Run As" functionality in Windows to use the correct user.
If what you're proposing were actually possible, it would represent a huge security hole: you'd be able to run any code as any user without requiring authentication first. That is not a good thing!
Think about it like this: if you were sold a program that would automatically log on as administrator even without your permission, how would you feel?
UAC is designed so that you cannot do what you want. UAC ensures that in order to elevate the user must pass through a UAC dialog (either the admin consent dialog or the over-the-shoulder dialog). You need to adapt your expectations to the reality of UAC.
You don't need a code for this action, UAC is made so you can automatically log on without the user's permission. What you can do is use the manifest and change the startup so when the application starts it runs as administrator and asks for permission! Change the manifest. look it up!