堆栈内存溢出
  简体   繁体   English

基于浏览器的身份验证场景中的基于脚本的测试

[英]Script based testing in browser based auth scenario

 原文  2023-01-29 12:55:00       authentication/ github-actions/ continuous-testing

问题描述

We have a web api where auth token is generated after invoking a browser based authentication.我们有一个 web api,其中在调用基于浏览器的身份验证后生成身份验证令牌。 How can this be automated via script in a CI/CD pipeline where there wouldn't be a user action在没有用户操作的情况下,如何通过 CI/CD 管道中的脚本自动执行此操作

1 个解决方案

解决方案1
 0  2023-02-01 09:38:13

The details depend on your concrete technology stack, but you will have to use a headless browser, as pointed out in the comments.详细信息取决于您的具体技术堆栈,但正如评论中指出的那样,您将必须使用无头浏览器。 This is a software that behaves like a browser but doesn't have a UI and is controlled through scripts.这是一款行为类似于浏览器但没有用户界面并通过脚本控制的软件。 Have a look at cypress.io as they have a really good tool for what you need.看看cypress.io因为他们有一个非常好的工具来满足你的需要。

You can have a look at this example we've created at Curity: https://github.com/curityio/redirect-action-example/blob/master/tests/cypress/e2e/authenticationAction.cy.js This shows a Cypress test that performs user authentication through a headless browser and gets an ID token from the response.您可以查看我们在 Curity 创建的示例: https://github.com/curityio/redirect-action-example/blob/master/tests/cypress/e2e/authenticationAction.cy.js这显示了一个 Cypress通过无头浏览器执行用户身份验证并从响应中获取 ID 令牌的测试。

In this repo you will also find a definition of GitHub Actions workflow, so you can check how we put all these together and test via GitHub Actions.在此 repo 中,您还将找到 GitHub Actions 工作流的定义,因此您可以检查我们如何将所有这些放在一起并通过 GitHub Actions 进行测试。

If your authentication flow is a simple one, you can actually script it using curl commands.如果您的身份验证流程很简单,您实际上可以使用 curl 命令编写脚本。 Curl is able to send and receive cookies, so it can mimic browser requests. Curl 能够发送和接收 cookies,因此它可以模拟浏览器请求。 With curl you will have to hardcode what requests are being sent and their model, so it might be a bit more tricky with some complicated flows.使用 curl,您将不得不硬编码正在发送的请求及其 model,因此对于一些复杂的流程来说可能会更棘手一些。 Here's another example we've created at Curity, where curl is used to perform the login flow: https://github.com/curityio/oauth-agent-kotlin-spring-fapi/blob/master/test/login.sh这是我们在 Curity 创建的另一个示例,其中 curl 用于执行登录流程: https://github.com/curityio/oauth-agent-kotlin-spring-fapi/blob/master/test/login.sh

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 CakePHP基于角色的身份验证 - CakePHP role based auth 如何使用ServiceStack进行基于令牌的身份验证 - How to do token based auth using ServiceStack 基于 Jsch 证书的认证和登录 Auth 取消 - Jsch certificate based authentication and login Auth cancel 基于Worklight Adapter的身份验证-直接登录 - Worklight Adapter based auth - Direct login 基于PHP的Author for beardbeard,sab,maraschino - PHP-based Auth for sickbeard, sab, maraschino Facebook何时关闭基于会话的身份验证? - When is Facebook turning off their session based auth? 身份验证 - 在会话和基于令牌的身份验证之间共享相同的经过身份验证的用户 - Auth - share the same authenticated user between session and token based auth 使用对控制器的简单身份验证和基于表单的访问 - Using simple auth and form based access to controllers Rails 4.2:基于角色的Auth和单独的属性 - Rails 4.2: Role Based Auth and Separate Attributes 会话和基于令牌的身份验证之间的技术差异 - Technical difference between session and token based auth
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM