Using Pyccuracy to verify web app security

Applications often have login screens. Testing a secured web application means logging in before almost every scenario, so we capture the login process as a custom action. That way, we can reuse it for as many scenarios as we need.

Getting ready

  1. If it isn't already running, start up the selenium server in another shell or window by typing: java -jar selenium-server.jar.
  2. If the satchmo store application isn't already running, start it up in another shell or window by typing: python manage.py runserver.

    Tip: This must run inside the virtualenv environment.

How to do it...

With the following steps, we will exercise a web application's security and then see how to extend Pyccuracy by creating a custom action that does the same:

  1. Create a new file called recipe37.acc to contain this recipe's scenario.
  2. Create a story for exercising Django's admin application.
    As a system administrator
    I want to login to Django's admin page 
    So that I can check the product catalog.
  3. Add a scenario that logs in to the admin application.
    Scenario 1 - Logging in to the admin page
    Given
        I go to "http://localhost:8000/admin"
    When
        I fill "username" textbox with "gturnquist"
        And I fill "password" textbox with "password"
        And I click "login" button and wait
    Then
        I see that current page contains "<a href="product/product/">Products</a>"
  4. Add a scenario that inspects the product catalog, using the custom login action.
    Scenario 2 - Check product catalog
    Given
        I am logged in with username "gturnquist" and password "password"
    When
        I click "Products" link and wait
    Then
        I see that current page contains "robot-attack"
  5. Create a matching file called recipe37.py containing a custom defined action.
  6. Code the custom action that logs in to the admin application.
    from pyccuracy.actions import ActionBase
    from pyccuracy.errors import ActionFailedError
    
    class LoggedInAction(ActionBase):
        # The regex is the DSL sentence; its named groups become execute() arguments
        regex = r'(And )?I am logged in with username ["](?P<username>.+)["] and password ["](?P<password>.+)["]$'
    
        def execute(self, context, username, password):
            # Always start from the admin URL, then look for the login form
            self.execute_action(u'I go to "http://localhost:8000/admin"', context)
            logged_in = False
            try:
                self.execute_action(
                  u'And I see that current page contains "id_username"', context)
            except ActionFailedError:
                # No login form on the page: a session already exists
                logged_in = True
    
            if not logged_in:
                self.execute_action(u'And I fill "username" textbox with "%s"' % username, context)
                self.execute_action(u'And I fill "password" textbox with "%s"' % password, context)
                # "and wait" lets the post-login page load before the next step runs
                self.execute_action(u'And I click "login" button and wait', context)
  7. Run the story by typing pyccuracy_console -p recipe37.acc.

How it works...

The first scenario shows the simple steps needed to exercise the login screen. Once the login screen is proven to work, repeating those steps at the start of every further scenario becomes cumbersome.

To handle this, we create a custom action in Python by extending ActionBase. A custom action needs a regular expression that defines its DSL sentence; the named groups in that expression are passed to the execute method as keyword arguments. In execute we combine application logic with calls to execute_action, so a single DSL line can run a sequence of Pyccuracy steps and branch on what the page shows.

In our case, the action checks whether the login form (the id_username field) is present and only fills it in when the user is not already logged in. Two caveats follow from that design. First, the action never verifies that the login succeeded: with a wrong password it simply clicks login and returns, so it is the later steps of the scenario (clicking the Products link, checking the catalog) that actually catch a failed login. Second, the credentials sit in plain text in recipe37.acc, so keep such files out of shared repositories or use a dedicated, low-privilege test account. With this custom action, the second scenario handles logging in with a single statement, letting us move on to the core of the scenario. A login screen should also be exercised with bad credentials, so a scenario that supplies a wrong password and asserts that the admin page is not reached belongs alongside these two.
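To show how the regex-to-action dispatch and the "already logged in" branch behave without a Selenium server or a running satchmo store, here is an added example that is not from the book and does not use Pyccuracy's own classes. It assumes a constructed FakeAdminSite standing in for the Django admin (its HTML, the sample credentials gturnquist/password and the paraphrased error note are all made up for the example), and a small STEPS registry that plays the role of ActionBase.execute_action. It runs Scenario 2 twice against one site to show that the second run reuses the session, and then runs the negative case, where the custom action alone does not fail and a later step has to.

```python
import re


class ActionFailedError(Exception):
    """Stand-in for pyccuracy.errors.ActionFailedError: a step could not be satisfied."""


class FakeAdminSite:
    """Constructed stand-in for the Django admin at http://localhost:8000/admin: no HTTP,
    no Selenium, just enough HTML for the steps below. Credentials are sample values."""
    LOGIN_FORM = ('<form><input id="id_username" name="username">'
                  '<input id="id_password" name="password" type="password">'
                  '<input type="submit" value="login"></form>')
    ADMIN_HOME = '<h1>Site administration</h1><a href="product/product/">Products</a>'
    ERROR_NOTE = '<p class="errornote">Please enter the correct username and password.</p>'

    def __init__(self, users):
        self.users = users                       # {username: password}
        self.session_user, self.form, self.page, self.logins_submitted = None, {}, "", 0

    def goto(self, url):
        self.form = {}
        self.page = self.ADMIN_HOME if self.session_user else self.LOGIN_FORM

    def fill(self, name, value):
        if 'name="%s"' % name not in self.page:
            raise ActionFailedError("no textbox named %r on this page" % name)
        self.form[name] = value

    def click(self, button):
        if 'value="%s"' % button not in self.page:
            raise ActionFailedError("no button %r on this page" % button)
        self.logins_submitted += 1
        if self.users.get(self.form.get("username")) == self.form.get("password"):
            self.session_user = self.form["username"]
            self.page = self.ADMIN_HOME
        else:                                    # failed login: the form again, plus an error note
            self.page = self.LOGIN_FORM + self.ERROR_NOTE


def page_contains(site, text):
    if text not in site.page:
        raise ActionFailedError("page does not contain %r" % text)


# (regex, handler) pairs, the equivalent of Pyccuracy's action registry; named groups become kwargs
STEPS = [
    (r'(And )?I go to "(?P<url>.+)"$', lambda site, url: site.goto(url)),
    (r'(And )?I see that current page contains "(?P<text>.+)"$', page_contains),
    (r'(And )?I fill "(?P<name>.+)" textbox with "(?P<value>.+)"$',
     lambda site, name, value: site.fill(name, value)),
    (r'(And )?I click "(?P<button>.+)" button( and wait)?$', lambda site, button: site.click(button)),
]


def execute_action(line, site):
    """Dispatch one DSL line to the first action whose regex matches, like ActionBase.execute_action."""
    for pattern, handler in STEPS:
        match = re.match(pattern, line.strip())
        if match:
            return handler(site, **match.groupdict())
    raise ActionFailedError("no action matches: %s" % line)


def logged_in(site, username, password):
    """The recipe's custom action: fill the form only when the login page is actually shown."""
    execute_action('I go to "http://localhost:8000/admin"', site)
    try:
        execute_action('And I see that current page contains "id_username"', site)
    except ActionFailedError:
        return                                   # no login form, so a session already exists
    execute_action('And I fill "username" textbox with "%s"' % username, site)
    execute_action('And I fill "password" textbox with "%s"' % password, site)
    execute_action('And I click "login" button and wait', site)


STEPS.append((r'(And )?I am logged in with username "(?P<username>.+)" and password "(?P<password>.+)"$',
              logged_in))


def run_scenario(lines, site):
    """True if every step passes, False at the first ActionFailedError."""
    try:
        for line in lines:
            execute_action(line, site)
    except ActionFailedError:
        return False
    return True


PRODUCTS_LINK = '<a href="product/product/">Products</a>'


def check_positive():
    """Scenario 2 run twice against one site: the second run must reuse the session."""
    site = FakeAdminSite({"gturnquist": "password"})
    steps = ['I am logged in with username "gturnquist" and password "password"',
             'I see that current page contains "%s"' % PRODUCTS_LINK]
    first, second = run_scenario(steps, site), run_scenario(steps, site)
    return first, second, site.logins_submitted  # (True, True, 1)


def check_negative():
    """Wrong password: the custom action itself does not fail, a later step has to."""
    site = FakeAdminSite({"gturnquist": "password"})
    admin_reached = run_scenario(
        ['I am logged in with username "gturnquist" and password "wrong"',
         'I see that current page contains "%s"' % PRODUCTS_LINK], site)
    error_shown = run_scenario(['I see that current page contains "errornote"'], site)
    return admin_reached, error_shown            # (False, True)
```

check_negative is the case the recipe's scenarios leave untested: with a wrong password the custom action returns normally and only the subsequent assertion on the Products link fails, which is why a real suite should include a scenario that asserts the error note appears and the admin page is never reached.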

See also

Installing Pyccuracy
