Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: e2e tests #143

Merged
merged 37 commits into from
Jul 20, 2019
Merged

Feature: e2e tests #143

merged 37 commits into from
Jul 20, 2019

Conversation

UlisesGascon
Copy link
Collaborator

@UlisesGascon UlisesGascon commented Jun 8, 2019
edited
Loading

Ready for review (See #142 )

@UlisesGascon UlisesGascon changed the title Feature: e2e tests Feature: e2e tests (NO MERGE) Jun 8, 2019
@ckarande
Copy link
Member

ckarande commented Jun 8, 2019

@UlisesGascon Awesome! Great work with e2e setup and login page tests. This has been in my wishlist for a long time and great to see the progress you have made towards it 👍.

Yes, good idea to have a dev branch. We can expand the contributor's guide section on the README.md explaining the proposed git workflow to follow for PRs.

@binarymist
Copy link
Collaborator

In regards to test location, would it make more sense to put these tests in /test/endTwoEnd/ (or what ever the dir naming convention is), or /test/integration/, or even /test/integration/cypress/ at worst case?

In terms of coding to interface rather than implementation and the Liskov substitution principle I'm not sure the dir should be named after the technology as opposed to the intent of the tests?

UlisesGascon and others added 19 commits June 10, 2019 14:42
@UlisesGascon
Added signIn command to Cypress
19a6b26
@UlisesGascon
Added tests for /benefits #142
7ff3a80
@UlisesGascon
Minor Changes
5ddceb1
@UlisesGascon
Profile Route testing spec added #142
d4dc2d9
@UlisesGascon
removed unused functionality
b803008
@UlisesGascon
Allocations Route testing spec added #142
5ccbb9b
@UlisesGascon
Contributions route testing spec added #142
2453101
@UlisesGascon
Memos route testing spec added #142
1f81916
@UlisesGascon
Bug fixed. Missing command
0020f9c
@UlisesGascon
Logout route testing spec added #142
dae20f4
@UlisesGascon
Signup route testing spec added #142
3e07c44
@UlisesGascon
General testing spec added #142
640898b 
- Support 404
- Nav Menus
@UlisesGascon
e2e tests refactor and improvements #142
8a03319 
- Removed unnecessary files
- Refactor Test logic
- Improved syntax
- Added Database resets before and after every spec file
- Added logout after every test
- Improved legibility by adding more Cypress Commands
@KoolTheba
Research route spec #142
b5eb5f6
@KoolTheba
Learn route spec #142
4d0b549
@KoolTheba
Tutorial route spec #142
600e6db
@KoolTheba
Added exception to manage wrong connection
5eaeb52
@KoolTheba
Dahboard route spec #142
f732e25
@UlisesGascon
Merge pull request #1 from KoolTheba/master
1ac31f9 
e2e test added
@ckarande
Copy link
Member

@UlisesGascon @KoolTheba ..Great Work..🎉🎉
Thank you so much for this valuable addition to Nodegoat.

I like the way you organized the tests and covered the key features. I have just a few of minor thoughts:

  • On running the package.json script test:e2e from terminal didn't start the execution of the NodeGoat tests for me. I think the test runner looks for the cypress folder with tests at the project root level. I got the test running by moving them to root and fixing the env path but I am sure this is not the intended way. Can you please add a section in the README.md with specific instructions you follow to allow the test runner to locate the tests in tests/e2e folder when running npm run test:e2e command?
  • Regarding the failing tests for the/profile endpoint, the profile feature is not intended for an admin user. On the UI, there is not direct link for an admin user to access the profile page. It is true that an admin user can explicitly open the profile url in the browser address bar (as the tests are doing) and access the page that way, but that is not the path we need to add tests for. In fact, besides the benefits, login, and logout features, no other features are intended for the admin user. So we can remove the test Should be accesible if the user is an admin from all other behaviors including profile, learn, contributions, memos, research, allocations, and dashboard.
  • Do you find the Triple slash directives or tsconfig type declaration helpful to get the auto complete hints in VS Code while writing the tests? If so, can we add it?

Rest of the tests and setup looks great to me 👍

@UlisesGascon
Copy link
Collaborator Author

Thanks for the feedback @ckarande 👍

  • @KoolTheba will refactor the test
  • I love your ideas for VSCode.
  • I will check the bug in the test:e2e part.

@ckarande
Copy link
Member

ckarande commented Jun 21, 2019
edited
Loading

Thanks @UlisesGascon & @KoolTheba.

@UlisesGascon
Copy link
Collaborator Author

@ckarande please check if the tests are working as expected, I forgot to add the config file in the previous commits 😓

@KoolTheba
Copy link
Contributor

@ckarande I think all the changes you suggested are done 💪 Please review! ^^

@ckarande
Copy link
Member

@UlisesGascon @KoolTheba, fantastic! Thank you very much for your efforts on suggested changes.

I had two failing tests for the profile page. The Should first name be modified test is failing correctly because changes to the first name field not saving correctly. This is a bug in the application itself (great catch by tests. I didn't even notice this defect earlier) and I have opened an issue #145 for it.
I will take care of it at some point, but for the failing test, can we update it to use the last name or any other field on the profile page, so that the issue #145 won't block starting on the travis CI integration feature(#144).

The second test failure came from the Google search this profile by name test. This test seems to look for a keyword 'google' in the href attribute of the anchor tag. Should it look for it in the body of the anchor tag instead?

Other than above two items, rest of the changes look great to me. Well done. I am very excited and looking forward to include this test suite as part of the NodeGoat codebase! 🥇

@UlisesGascon
Copy link
Collaborator Author

Thanks for the feedback @ckarande! :-)

I will skip Should first name be modified inside the PR for #145. I like as well that we discovered already a bug just testing ^^.

Regarding Google search this profile by name I am not so sure what is the expected behaviour. The current generated link is not a valid link. I mean… the idea is generate a link for google yourself like: https://www.google.es/search?q=node+goat?
Captura de pantalla 2019-06-26 a las 8 26 05

@ckarande
Copy link
Member

@UlisesGascon I believe the idea behind this link was to just include a malicious payload (user supplied firstname in this case) to demo XSS in the URL context. It doesn't really go to google for search. @lirantal please suggest if you recall this. At some point we should include more details on this in the tutorial.

@lirantal
Copy link
Collaborator

Yep as @ckarande pointed out, the idea was to show an XSS in a URL context (so to apply proper encoding). We didn't really care that it's not a valid google search link.

@UlisesGascon
Copy link
Collaborator Author

Thanks for the explanation @ckarande @lirantal. I will remove that check from the expect. I believe that we can merge the PR after that ;-)

@UlisesGascon
Copy link
Collaborator Author

Ready! 🎉

@ckarande
Copy link
Member

ckarande commented Jul 7, 2019

@UlisesGascon Looks great. I see the first name related test passing, but I have one test failure for Google search this profile by name.

Apparently the test is looking for "target" attribute present in the anchor tag, but it is not in the template.

<a href="{{firstNameSafeString}}">Google search this profile by name</a>

Should we just remove this assert?.should('have.attr', 'target', '_blank')

@UlisesGascon
Copy link
Collaborator Author

All ready @ckarande. I removed the target validation part :-)

@ckarande
Copy link
Member

Awesome @UlisesGascon . I am merging the PR. Thank you for your valuable contribution 🎉

@ckarande ckarande merged commit bb7412c into OWASP:master Jul 20, 2019
@UlisesGascon
Copy link
Collaborator Author

Thanks for the merge! I will keep pushing changes to the repo after this weekend. I was focus on personal matters the last few weeks, sorry for the delay ;-)

@UlisesGascon UlisesGascon deleted the feature-e2e-tests branch July 24, 2019 11:17
@ckarande
Copy link
Member

No worries at all. In fact, thanks for managing time for it.👍
As a next step, should we focus on the Travis CI integration to run these tests?

@UlisesGascon
Copy link
Collaborator Author

Yeah! I am very close to send the PR, I just detected an issue with Travis and Cypress regarding child processes. But I hope that very soon I will be able to send the PR :-)

skazy737 pushed a commit to skazy737/DevOPS that referenced this pull request Oct 11, 2024
@UlisesGascon
Missing config file
c427208 
Bug discovered by @ckarande at OWASP/NodeGoat#143 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lirantal lirantal lirantal left review comments

Assignees

@UlisesGascon UlisesGascon

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@UlisesGascon @ckarande @binarymist @KoolTheba @lirantal