Scenario: Automated Testing for User Authentication and Authorization

1. Introduction

User authentication and authorization are vital for web applications: authentication controls who can sign in, and authorization controls what each signed-in user may do. Automated tests verify both, checking that only authenticated users reach protected routes and that each user has only the permissions of their role.

2. Setup

Technology Stack:

  • Framework: Selenium WebDriver
  • Language: Python
  • Test Runner: PyTest
  • Browser: Chrome (headless for CI environments)
  • Libraries: Faker (for test data), pytest-html (for reporting)

Test Environment:

  • Use a staging environment mirroring production.
  • Include test users with different roles (e.g., admin, regular user).

3. Test Case Design

Test Case 1: User Login

Objective: Verify valid user login.

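from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait

def test_user_login():
    # Run Chrome headless so the test also works on CI agents without a display
    options = webdriver.ChromeOptions()
    options.add_argument("--headless=new")
    driver = webdriver.Chrome(options=options)
    try:
        driver.get("https://example.com/login")

        username_field = driver.find_element(By.ID, "username")
        password_field = driver.find_element(By.ID, "password")

        username_field.send_keys("testuser")
        password_field.send_keys("securepassword")
        password_field.send_keys(Keys.RETURN)

        # Wait for the post-login page instead of sleeping for a fixed time
        WebDriverWait(driver, 10).until(EC.title_contains("Dashboard"))

        assert "Dashboard" in driver.title
    finally:
        # Close the browser even when an assertion or wait fails
        driver.quit()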

Test Case 2: Access Control

Objective: Ensure regular users can’t access admin pages.

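from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait

def test_access_control():
    options = webdriver.ChromeOptions()
    options.add_argument("--headless=new")  # headless Chrome for CI
    driver = webdriver.Chrome(options=options)
    try:
        login_url = "https://example.com/login"
        driver.get(login_url)

        driver.find_element(By.ID, "username").send_keys("regularuser")
        password_field = driver.find_element(By.ID, "password")
        password_field.send_keys("password123")
        password_field.send_keys(Keys.RETURN)

        # Confirm the login left the login page (assumes a successful login
        # redirects), so the check below runs as an authenticated regular user
        WebDriverWait(driver, 10).until(EC.url_changes(login_url))

        driver.get("https://example.com/admin")

        error_message = WebDriverWait(driver, 10).until(
            EC.visibility_of_element_located((By.CSS_SELECTOR, ".error-message"))
        )
        assert "Access Denied" in error_message.text
    finally:
        driver.quit()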

Test Case 3: Role-Based Access

Objective: Ensure admin users can access the admin panel.

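from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait

def test_admin_access():
    options = webdriver.ChromeOptions()
    options.add_argument("--headless=new")  # headless Chrome for CI
    driver = webdriver.Chrome(options=options)
    try:
        login_url = "https://example.com/login"
        driver.get(login_url)

        driver.find_element(By.ID, "username").send_keys("adminuser")
        password_field = driver.find_element(By.ID, "password")
        password_field.send_keys("adminpassword")
        password_field.send_keys(Keys.RETURN)

        # Wait until the login has navigated away from the login page
        # (assumes a successful login redirects)
        WebDriverWait(driver, 10).until(EC.url_changes(login_url))

        driver.get("https://example.com/admin")

        WebDriverWait(driver, 10).until(EC.title_contains("Admin Dashboard"))
        assert "Admin Dashboard" in driver.title
    finally:
        driver.quit()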
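
The role checks from Test Cases 2 and 3, extended into a role-by-route matrix that also covers the unauthenticated case and asserts on HTTP status codes rather than page text. This is an added example, not code from the original post; the in-process WSGI stub, the /dashboard route, the "sid" cookie and the 401/403/302 status codes are assumptions standing in for the staging application.

```python
import io
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the staging app (assumption, not the page's code):
# the page's test accounts, a "sid" session cookie, and an admin-only /admin.
USERS = {"regularuser": ("password123", "user"), "adminuser": ("adminpassword", "admin")}
SESSIONS = {}  # session id -> role

def app(environ, start_response):
    path, status, headers = environ["PATH_INFO"], "404 Not Found", []
    role = SESSIONS.get(environ.get("HTTP_COOKIE", "").removeprefix("sid="))
    if path == "/login" and environ["REQUEST_METHOD"] == "POST":
        form = parse_qs(environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"])).decode())
        user, password = form.get("username", [""])[0], form.get("password", [""])[0]
        if user in USERS and secrets.compare_digest(USERS[user][0].encode(), password.encode()):
            sid = secrets.token_hex(16)
            SESSIONS[sid] = USERS[user][1]
            status, headers = "302 Found", [("Set-Cookie", f"sid={sid}"), ("Location", "/dashboard")]
        else:
            status = "401 Unauthorized"
    elif path == "/admin":
        # Deny by default: anonymous gets 401, an authenticated non-admin gets 403
        status = "200 OK" if role == "admin" else "403 Forbidden" if role else "401 Unauthorized"
    elif path == "/dashboard":
        status = "200 OK" if role else "401 Unauthorized"
    start_response(status, headers)
    return [b""]

def request(method, path, cookie="", form=None):
    """Call the app in-process; return (status code, Set-Cookie value or '')."""
    body = urlencode(form or {}).encode()
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    seen = {}
    app(environ, lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return int(seen["status"][:3]), seen["headers"].get("Set-Cookie", "")

def login(user, password):
    return request("POST", "/login", form={"username": user, "password": password})

def access_matrix(routes=("/dashboard", "/admin")):
    """Status code for every (account, route) pair, plus the unauthenticated case."""
    matrix = {("anonymous", route): request("GET", route)[0] for route in routes}
    for user, (password, _role) in USERS.items():
        cookie = login(user, password)[1]
        for route in routes:
            matrix[(user, route)] = request("GET", route, cookie)[0]
    return matrix
```

Against a real staging environment, the same matrix can be driven through an HTTP client with the stub replaced by the application's base URL, and the expected status codes adjusted to what the application returns.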

4. Execution and Reporting

  • Running Tests: Use PyTest.
    pytest -v --html=report.html
    
  • Reporting: Generate detailed HTML reports using pytest-html.

5. CI/CD Integration

Jenkins Pipeline Configuration:

pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/your-repo/your-project.git'
            }
        }
        stage('Install Dependencies') {
            steps {
                sh 'pip install -r requirements.txt'
            }
        }
        stage('Run Tests') {
            steps {
                sh 'pytest -v --html=report.html'
            }
        }
    }
    post {
        // Archive the report even when tests fail; a failing 'Run Tests'
        // stage would skip any later stage
        always {
            archiveArtifacts artifacts: 'report.html', fingerprint: true
        }
    }
}

6. Conclusion

Automated testing for authentication and authorization helps protect both the security and the functionality of a web application. By using Selenium and integrating the tests into a CI/CD pipeline, teams can maintain high standards, catch issues early, and confirm that features are available only to authorized users.
