One of the most important challenges in automated testing, in my opinion, is ensuring high reliability. Using the API instead of the UI has proven to be a good way to improve test reliability. In this article, we will look in detail at a simple mechanism for replacing UI authorization with API authorization.
There are many types of authentication: Basic, Digest, Form, OAuth 1 and OAuth 2. As an example, I propose to consider one of the simplest, namely Form. The main goal of the article is to show an approach to implementing authorization through the API for UI tests. We will write the tests and the implementation in Java. As for tools, we will use Chrome DevTools.
We use Kanboard and DVWA as test targets. These are open-source products with an open license and are fairly easy to deploy locally. Follow the links to read more about these products and, if necessary, read the deployment instructions.
Create the project using Maven and add testng, selenide, rest-assured, json-path, jsoup, maven-compiler-plugin and maven-surefire-plugin.
Log in to Kanboard with the Network tab of Chrome DevTools open.
By analyzing the requests in DevTools, we can work out the authorization algorithm. In this case, authorization takes two requests: a GET with two query parameters and a POST with a login/password pair and a CSRF token. The first request is needed to get the KB_SID cookie, the second to get the KB_RM cookie. By setting both of these values in the WebDriver, we get access to the main page.
The first request in RestAssured will look like this:
Response response01 = given()
    .queryParam("controller", "AuthController")
    .queryParam("action", "login")
    .when()
    .get(BASE_URL);
From it we get the KB_SID cookie:
String cookieKBSID = response01.getCookie("KB_SID");
The CSRF token is in the HTML page that we can see in the response body.
The jsoup library, which lets us split a document into elements, will help us get it. Elements are searched for in the same way as web elements:
String cSRFToken = Jsoup.parseBodyFragment(response01.body().asString())
    .getElementsByAttributeValue("name", "csrf_token").attr("value");
The second request in RestAssured will look like this:
Response response02 = RestAssured
    .given()
    .config(RestAssured.config()
        .encoderConfig(EncoderConfig.encoderConfig()
            .encodeContentTypeAs("x-www-form-urlencoded", ContentType.URLENC)))
    .contentType("application/x-www-form-urlencoded; charset=UTF-8")
    .formParam("remember_me", "1")
    .formParam("username", "admin")
    .formParam("password", "admin")
    .formParam("csrf_token", cSRFToken)
    .queryParam("controller", "AuthController")
    .queryParam("action", "check")
    .cookie("KB_SID", cookieKBSID)
    .when()
    .post(BASE_URL);
, (encoderConfig, encodeContentTypeAs).
KB_RM cookie.
String setCookieHeaderValue = response02.header("Set-Cookie");
, , cookie.
// cookieKBRM is the KB_RM value taken from setCookieHeaderValue
WebDriverRunner.getWebDriver()
    .manage().addCookie(new Cookie("KB_SID", cookieKBSID));
WebDriverRunner.getWebDriver()
    .manage().addCookie(new Cookie("KB_RM", cookieKBRM));
Selenide.open(url);
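The two requests and the cookie hand-off described above, gathered into one helper as an added example (not code from the original article). It assumes a local Kanboard at a placeholder BASE_URL; the class and method names are hypothetical. It reads cookies from every Set-Cookie header and fails fast when the CSRF field or KB_RM is missing.

```java
import com.codeborne.selenide.Selenide;
import com.codeborne.selenide.WebDriverRunner;
import io.restassured.response.Response;
import org.jsoup.Jsoup;
import org.openqa.selenium.Cookie;

import java.net.HttpCookie;

import static io.restassured.RestAssured.given;

public class KanboardApiLogin {
    // Assumption: placeholder address of a local Kanboard instance.
    static final String BASE_URL = "http://localhost/kanboard/";

    /** Last value set for the named cookie across all Set-Cookie headers, or null. */
    static String cookieFrom(Response response, String name) {
        String value = null;
        for (String header : response.getHeaders().getValues("Set-Cookie")) {
            for (HttpCookie c : HttpCookie.parse(header)) {
                if (c.getName().equals(name)) value = c.getValue();   // a later header wins
            }
        }
        return (value == null || value.isEmpty()) ? null : value;
    }

    public static void login(String username, String password) {
        Response form = given().queryParam("controller", "AuthController")
                .queryParam("action", "login").when().get(BASE_URL);
        String sid = cookieFrom(form, "KB_SID");
        String csrf = Jsoup.parse(form.body().asString())
                .getElementsByAttributeValue("name", "csrf_token").attr("value");
        if (sid == null || csrf.isEmpty())
            throw new IllegalStateException("Login form gave no KB_SID or csrf_token");

        Response check = given().cookie("KB_SID", sid)
                .queryParam("controller", "AuthController").queryParam("action", "check")
                .formParam("remember_me", "1").formParam("username", username)
                .formParam("password", password).formParam("csrf_token", csrf)
                .when().post(BASE_URL);
        String rm = cookieFrom(check, "KB_RM");
        if (rm == null)   // the login request did not succeed
            throw new IllegalStateException("No KB_RM cookie, HTTP " + check.statusCode());
        String renewed = cookieFrom(check, "KB_SID");   // present only if the session id was renewed
        if (renewed != null) sid = renewed;

        Selenide.open(BASE_URL);   // WebDriver accepts cookies only for the domain it is on
        WebDriverRunner.getWebDriver().manage().addCookie(new Cookie("KB_SID", sid));
        WebDriverRunner.getWebDriver().manage().addCookie(new Cookie("KB_RM", rm));
        Selenide.open(BASE_URL);
    }
}
```

Pass test credentials in from configuration or environment rather than hard-coding them in the test class.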
DVWA , .
, . , β RestAssured.