How to functionally test an application with OpenId on Play2?

Question

Let's say the app is protected with OpenId login (and only OpenId). Once the user has successfully authenticated via OpenId, I set an attribute in the session like this :

 Redirect(routes.Application.index).withSession('email -> userinfo.email)

Now, since a lot of the apps functionality relies on Javascript, the tests must be run on Selenium/Fluentlenium. How can I fake a connected user in my tests?

EDIT : As answered below, creating a user in the OpenId provider is not really an answer for two reasons:

The OpenID provider is Google and Google only.
I do not want to test if Google's OpenId is working as they probably test it way better than I ever could, I want to test the functionality of my app.

I would rather like to fake a connected user by manually setting the email attribute in session in fluentlenium but I have found no API to do this.

It's probably not the best practice to use a users email address as a token like this. The only way for a user to invalidate other sessions is to change their email address. I hate that the Play examples do this. — drstevens, Oct 20 '13 at 03:00

score 1 · Answer 1 · answered Oct 14 '13 at 18:07

We have done this by extracting the OpenId integration into a trait which has got a real implementation (google) and a dummy one, in our case with a hardcoded user that gets logged in, this has also been useful to be able to use the app in devel mode without actually having to log in for real.

The actual trait is as simple as this:

sealed trait AuthLogic {
  def login: Action[AnyContent]
  def callback: Action[AnyContent]
}

Which is then implemented by the google one and the dummy, the actual instance used is decided upon first access (lazy val) by a configuration flag. All the dummy one does is redirect directly from login to callback, and then faking a login inside the callback implementation.

Hope this helped!

This seems to be an interesting solution. Will give it a try. — i.am.michiel, Oct 18 '13 at 14:00

score 0 · Answer 2 · answered Oct 09 '13 at 14:43

0

Why don't you create test account in OpenId supplier and use its username/password in your selenium scripts?

Testing in selenium/Fluentlenium concludes that your application is quite integrated (OpenID is setup as you mentioned, I suspect that DB is connected as well).

answered Oct 09 '13 at 14:43

pawel.panasewicz

1,831
16
27

That is not really a solution. The app is Google OpenID exclusive. I do not want to create an Google account for testing only. I would like to fake it rather. – i.am.michiel Oct 10 '13 at 09:33

drstevens · Answer 3 · 2013-10-20T02:57:32.457

0

I've never used fluentlenium, but I assume you have access to the underlying selenium webdriver? If so, can't you just set a cookie? You'll just need to save a valid, signed session cookie.

http://docs.seleniumhq.org/docs/03_webdriver.jsp#cookies

edited Oct 20 '13 at 02:57

answered Oct 20 '13 at 01:37

drstevens

2,903
1
21
30

How to functionally test an application with OpenId on Play2?

3 Answers3