Email Subscription Form

Saturday, February 29, 2020

More Fun With Cypress

Two weeks ago, I wrote about my first experiences using Cypress.io.  I was intrigued by the fact that it was possible to do http requests using Cypress commands, so this week I decided to see if I could combine API commands with UI commands in the same test.  To be honest, it wasn't as easy as I thought it would be, but I did manage to come up with a small proof-of-concept.


Part of the difficulty here may lie in the fact that there aren't many websites around on which to practice both UI and API automation.  For my experimentation, I decided to use the OWASP Juice Shop, which is a great site for practicing security testing.  I wanted to log into the site using an HTTP command, and then use the token I retrieved from my login to navigate to the site as an authenticated user.

Setting up the HTTP command was pretty easy.  Here's what it looks like:

var token;

describe('I can log in as a user', () => {
    it('Logs in', () => {
        cy.request({
  method: 'POST',
  url: 'https://juice-shop.herokuapp.com/rest/user/login',
  headers: {'content-type':'application/json'},
  body: {
    email: 'foo5@bar.com',
    password: '123456'
  }
})
  .then((resp) => {
    const result = JSON.parse(JSON.stringify(resp.body));
    token = result.authentication.token;
        expect(resp.status).to.eq(200);
    })
});
});

Let's take a look at what's happening here.  First I declare the token variable.  The 'I can log in as a user' and 'Logs in' parts are just the names of the test section and the test.  Then we have the cy.request section.  This is where the http request happens.  You can see the method, the url, the headers, and the body of the request.  Next, there's the then((resp), which shows what the test is doing with the response.  With const result = JSON.parse(JSON.stringify(resp.body)), I'm parsing the body of the response into JSON format and saving it to a result variable.  Then I'm setting the token variable to result.authentication.token.  Finally, with expect(resp.status).to.eq(200) I'm doing a quick assertion that the status code of the response is 200 just to alert me if something didn't come back correctly.

Next, I loaded the web page, and included the token in the browser's local storage so the web page would know I was authenticated:

describe('Is logged in', function() {
  it('Is logged in', function() {
    cy.visit('https://juice-shop.herokuapp.com/#/', {
    onBeforeLoad (win) {
      win.localStorage.setItem('token', token)
    },
  })
    cy.contains('Dismiss').click();
    cy.contains('Your Basket').should('be.visible');
  })
});

With this line: cy.visit('https://juice-shop.herokuapp.com/#/' I'm navigating to the web page.  With the next section:

    onBeforeLoad (win) {
      win.localStorage.setItem('token', token)
    },
  })

I'm telling the browser to put the token I saved into local storage.  There was a popup window with a "Dismiss" button that appeared in the browser, so I closed it with cy.contains('Dismiss').click(). And finally with cy.contains('Your Basket').should('be.visible') I asserted that the link called "Your Basket" was visible, because that link doesn't appear unless the user is authenticated.

My code definitely wasn't perfect, because I noticed that when I manually logged in, I saw my email address in the Account dropdown, but when I logged in through Cypress, the email address was blank.  I also tried doing some other UI tasks, like adding an item to my cart, but I had trouble simply because the application didn't have good element identifiers.  (I so appreciate developers who put identifying tags on their elements!  If your developers do this, please thank them often.)  And there may be irregularities with this application because it was specifically designed to have security holes.

It would be very interesting to see how easy it would be to set up API and UI testing in Cypress when testing an application with normal authentication processes and good element identifiers!  However, I think my experiment showed that it's fairly easy to integrate API and UI tests together in Cypress.

18 comments:

  1. Great content material and great layout. Your website deserves all of the positive feedback it’s been getting تحويل word الى pdf

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Hey Guys !

    USA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
    All Leads have genuine & valid information

    **HEADERS IN LEADS**
    First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
    ->$5 PER EACH

    ->Hope for the long term deal
    ->Interested buyers will be welcome

    **Contact 24/7**
    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  4. Are you interested in trading bitcoin binary and forex trade where you can earn 100% of your investment daily If you invest as low as $200 you will get a profit of $2,000 after 72 hours if you are intrested you can contact him via email: hackintechnology@gmail.com +12132951376(WHATSAPP)

    ReplyDelete
  5. TUTORIALS AVAILABLE FOR
    SPAMMING
    CARDING
    CASHOUTS
    MOBILE DEPOSITS

    -->SPAMMING price == 200$
    >What you need to start spam

    -->CARDING price == 300$ (Includes All Carding)

    How to use eBay Carding, Amazon Carding, Adidas Carding, BITCOIN CARDING, WALMART CARDING, WESTERN UNION CARDING
    WORLD REMIT CARDING METHOD

    >APPLE PAY & ANDROID TAP CASH

    >BANK TRANSFER

    -->DUMPS+PINS price == 85$
    (How to use & create dumps with pins track 1 & 2)
    >HOW TO CASHOUT DUMPS+PINS

    >MOBILE DEPOSIT
    >SAFE SOCKS5 (USA)

    -->SMTP Linux Root
    *--price ==150$--*

    Also SELLING

    >SERVER I.P's price == 200$ in bulk
    >USA EMAILS with Passwords price ==150$ in bulk
    >SSN Fullz with Driving license price == 2$ each

    **Contact 24/7**
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  6. BE SMART AND BECOME RICH IN LESS THAN 3DAYS....It all depends on how fast 
    you can be to get the new PROGRAMMED blank ATM card that is capable of
    hacking into any ATM machine,anywhere in the world. I got to know about 
    this BLANK ATM CARD when I was searching for job online about a month 
    ago..It has really changed my life for good and now I can say I'm rich and 
    I can never be poor again. The least money I get in a day with it is about 
    $50,000.(fifty thousand USD) Every now and then I keeping pumping money 
    into my account. Though is illegal,there is no risk of being caught 
    ,because it has been programmed in such a way that it is not traceable,it 
    also has a technique that makes it impossible for the CCTVs to detect 
    you..For details on how to get yours today, email the hackers on : (
    atmmachinehackers1@gmail.com ). Tell your 
    loved once too, and start to live large. That's the simple testimony of how 
    my life changed for good...Love you all ...the email address again is ;
    atmmachinehackers1@gmail.com

    ReplyDelete
  7. Do you need personal loan?
    Loan for your home improvements,
    Mortgage loan,
    Debt consolidation loan,
    Commercial loan,
    Education loan,
    Car loan,
    Loan for assets.
    financialserviceoffer876@gmail.com Whatsapp +918929509036

    ReplyDelete
  8. I was thrown out of my own house was sleeping in a hotel for weeks she also took possession of my son could only see him once a week then I found out she was in love with my accountant all these while so I went online and I came across a Russian private investigator who help me get all my properties and my accounts back even my company back how he did these I don’t know but I gave all the information he asked for and followed all his instructions and now I’m happy my life’s better now.
    Thanks to HACKINTECHNOLOGY@CYBERSERVICES.COM
    I just said I should share my own story here
    Thank you

    ReplyDelete
  9. I am posting this review here because I want to be of help to everyone out there, after going through a lot to recover my bitcoin even though many people told me it’s impossible.
    If you have lost your bitcoin as a result of investing in binary options, trading platforms, your account was hacked or other bitcoin related scams, then You’re not alone. (I lost over ($30,000 to skyrockettrade)
    Being a scam victim myself, I tried several means to recover my funds all to no avail, till I came across a cyber crime and recovery expert’s address online wizardbrixton@gmail.com . He literally saved my life, all i lost to these fake investors skyrockettrade was recouped in just a few days (a total of 3.7721 BTC) , send a message to the contact above if you’ve been in such situations and you are seeking recovery, go get yourself the help you need contact :wizardbrixton@gmail.com

    ReplyDelete
  10. Never met any hacker as discreet and fast like this White Collar Hackers. They are called WhiteHats and they has helped me in multiple ways first was when my ex spouse cheated on me- they got me every information from my spouse phone number and now they are helping me paying my credit cards debts. They have the best hacking tools plus service any one can ever imagine and I recommend him to the world. I am thankful and grateful for the second chance. Honestly, WhiteCollar hackers are life savers please contact them here if you need their swift service Email; WhitehatspytechATcyberservicesDOTcom

    ReplyDelete
  11. CRYPTOCURRENCY SECTRETS FINALLY REVEALED.

    LEARN HOW TO EARN BITCOIN IMMEDIATEDLY AFTER STARTING.

    DISCOVER HOW TO GENERATE BITCOIN EVERYDAY.

    EDUCATE YOURSELF ON THE MARKET.

    SHARE AND EARN ALL FROM HOME ON YOUR PHONE. visit our site https://alphabitmining.com/

    ReplyDelete
  12. I will strongly love to recommend the services of the best team of dark web hackers. they are professional and very discreet in carrying out their jobs, they have the best customer service agents and satisfaction at heart. If you have any services you wish to contact them for, go on albertgonzalezwizard (@) gmail com / Whatassp +31684181827 or Telegram:  +31687920980. They help track and monitor your cheating partner's phone without his idea, clear or erase criminal records as well as repair a bad credit score, all social media hacks,funds recovery and many others.

    ReplyDelete
  13. Amazing unique article direct to the point. Many articles I come across these days do not really provide anything that attracts others as yours, but trust me the way you interact is literally awesome I do respect that so much. I will instantly get your rss feed to stay informed of any updates you make and as well take the advantage to share some vital information regarding performance handgun
    Ruger American Compact 9mm Hand Gun which many are not yet informed of. This portable handgun is now available worldwide. Not over demanding, I will also take the advantage to ask for your permission to join our 179.3k members TELEGRAM CHANNEL
    .As to share with us your ideas on Ruger American Compact 9mm HandGun or any latest update on your blog.
    Thanks

    ReplyDelete
  14. Thanks for sharing your blog. If you are interested in Best Cypress Courses & Certification, feel free to visit our website.

    ReplyDelete
  15. Need A Hacker Who Can Recover Stolen Or scam*ed BTC?

    If you need a genuine hacker who can recover stolen or scam*ed Cryptocurrency RECOVERY MASTERS got you covered, they're secured Hacker from USA who deal with cyber issues of all kind, such as WhatsApp hack, Facebook hack, gmail hack, mobile phone hack, accounts hack, erase criminal records, websites hack, Bitcoin Trade recovery, and other hack relating to cyber issues.
    Contact info: (recoverymasters@email.cz)

    ReplyDelete
  16. contact A Guaranteed Financial Assets Recovery Masters;
    Email; (Recoverymasters@email.cz).
    My name is Sarah, a retired accountant, here's my recommendation,
    Recovery Masters are a team of Experienced Hackers whose focus Is to help Scam Victims Recover their Lost or stolen cryptocurrency, spy on couples spouses to know if they are cheating, clear bad criminal record (database)…… Fixing credit scores and all sorts of cyber Investigations.To anyone who has happened to fall for these swindlers tricks and ended up losing their funds you can reach out to these private investigators through their whatsapp to
    Whatsapp; +1(204)819-5505.
    Don't forget to mention Sarah recommended you.

    ReplyDelete
  17. Everyday news reveals Millions of people have lost their wealth to Bitcoin scam which is now so rampant.
    You can restore the funds those scammers took from you. Bitcoin recovery is one aspect which everyone needs to be careful about. Because I was once a victim of this before, not everything you see on the Internet is real, you need to be very careful cause some people get scam by fake investment platform and go ahead looking for recovery agency to get back there money in the process they get scam again, but a friend recommended a perfect recovery company who help to get this fixed and work out. So today I am glad to recommend the company to whoever lost his or her Bitcoins or cryptocurrency. I would strongly love to recommend Geo Coordinates Hacker. Contact their experts today and they will help you recover your losses. Contact: Email geocoordinateshacker@proton.me. Or Email: geovcoordinateshacker@gmail.com

    ReplyDelete

New Blog Location!

I've moved!  I've really enjoyed using Blogger for my blog, but it didn't integrate with my website in the way I wanted.  So I&#...