How would someone write automated tests for their site that uses SuperTokens?

[rishabhpoddar]

• For sessions
• For login
• Using postman
• Using code

[kant01ne]

Backend

People will most likely not want to start a SuperTokens core server just to test their backend API.
We could potentially provide:

• Turning on a flag in the SuperTokens.init function would put the node sdk in testing mode and would never require any core interaction.
• mocking capabilities for signin / signup / logout from the NodeJS SDK, which emulates how the core behave
  • no password encryption, cleartext comparison with an in memory storage
• Provide a method that returns working request headers for a given email:

  const authHeaders = SuperTokensMock.getAuthHeaders("[email protected]");
  const res = await fetch('/api/v1/users', {
     headers: {
        someHeaders,
        ...authHeaders
     }
  });

• mocking capabilities for sessions from the NodeJS SDK, which emulates how the core behave

This approach allows developers to test their API easily without having troubles bypassing SuperTokens system. The downside is that it doesn't test if authentication/session management (/ permissions / roles in the future) work well with their system. Most likely, when using a 3rd party you want to trust them and not to implement redundant tests so that's fine.

Front End

In an end-to-end scenario that connects to a NodeJS backend, we would leverage the above which would be completely invisible to the front end.

[rishabhpoddar]

Interesting idea. Will think about this for the next release.

[neongreen]

I'm developing a service that uses Supertokens (managed hosting) and I'm interested in this. What's the current best practice for writing end-to-end tests?

[rishabhpoddar]

@neongreen the current way to do this is to:

• spin up a core with in memory db for running tests. If required, you may want to restart the core during each test. Restarting the core with in mem db would allow you to reset the db state for each test.
• Change the connection URI on the backend to connect to the core you are running during testing (instead of the managed service).
• Use something like puppeteer which will do cookie management for you when logged in automatically.
• We have examples of end to end tests for our lib here (we use puppeteer):
  • https://github.com/supertokens/supertokens-auth-react/tree/master/test/end-to-end
  • (If you use axios): https://github.com/supertokens/supertokens-website/blob/master/test/axios.test.js
  • (If you use fetch): https://github.com/supertokens/supertokens-website/blob/master/test/fetch.test.js