Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Perform real HTTP requests when needed #254

Open
azmeuk opened this issue Aug 20, 2023 · 2 comments
Open

Perform real HTTP requests when needed #254

azmeuk opened this issue Aug 20, 2023 · 2 comments

Comments

@azmeuk
Copy link
Member

azmeuk commented Aug 20, 2023
edited
Loading

Here is my usecase: my application authenticates against an OAuth2 server, and I want to test how my app behaves during the user authentication phase. Usually it goes like this:

  • users try to access to a protected endpoint
  • the endpoints redirects to the authentication server
  • the authentication server logs the users in if needed and get user consent if needed
  • it redirects back to a given endpoint in the application
  • that application endpoints performs a new request to the authentication server and gets a token that authenticates the user

Currently in my tests, I run a basic authentication server wsgi application in a thread. You can see a real world example in pytest-iam, but a nominal case looks for example like:

def test_nominal_case(iam_server, user, testclient)
    # attempt to access a protected page
    res = testclient.get("/login")

    # authorization code request (already logged in an consented)
    res = requests.get(res.location, allow_redirects=False)

    # access to the application redirection URI
    res = testclient.get(res.headers["Location"])

While this is functional, making the call to requests by hand (or any other http lib) is cumbersome, and I think this would be nice if webtest could manage this. This would make the test looks like this:

def test_nominal_case(iam_server, user, testclient)
    # attempt to access a protected page
    res = testclient.get("/login")

    # authorization code request (already logged in an consented)
    res = res.follow()

    # access to the application redirection URI
    res = res.follow()

There may be restrictions to set up, like for instance only perform requests for given domains like localhost.

What do you think?
Should this belong in webtest or in another library? We could think of a lib webtest-requests that would bring this behavior for instance.
If this could be done in webtest, what http lib should be used?
@gawel
Copy link
Member

gawel commented Mar 4, 2024

Hi, to me you have to mock/avoid external calls. So this feature makes no sense in webtest itself. Maybe it's doable in another library but be aware, this will be very tricky.

I've made some effort 10y ago to use selenium with webtest but this was too messy https://github.com/gawel/webtest-selenium/blob/master/webtest_selenium/sel.py#L210

@stevepiercy
Copy link
Member

Nowadays, I hear more often Playwright > Cypress > Selenium. There are other similar tools, but they all have quirks and other considerations, such as who backs the tool.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@azmeuk @stevepiercy @gawel