In integration test ca i do the following?,
Is it possible to run integration test with apps having this kind of flow:
app starts -> splash screen-> ad with close button -> amplify auth login screen -> home -> menu home buttons -> another screen so and so..?
Run integration test bypass login screen and do integration test to specific part of the app only
It is, but you'll have to make sure that you can stub/mock all "external" components, the ones you don't really have control over (eg: external ad server, authentication service, ...). You need to be able to take control over these in order to decide for yourself which possible scenario's will play out (eg: ad doesn't load, authentication failed, ...) and also to avoid being dependent on those external components while running your tests. Your best bet is to make sure that you can inject mock versions of the required services and widgets into your application. This might take some refactoring at first, but in the end it should result in clean and better testable code.
Personally, I'm using firebase_auth for authentication. In the setUp of your integration tests, you can then "pretend" the user is already authenticated through the use of MockFirebaseAuth (see firebase_auth_mocks). The idea is the same as in point 1; the firebase authentication service is being mocked, and will just provide the type of User object that you want it to, which would probably be a successfully authenticated user in most cases.
Edit: your app should be set up in such a way that it will first check whether or not the user is already authenticated. If so, just skip the login screen. This way, when the authentication service provides an already authenticated user, the login screen will be bypassed and you can continue testing the rest of your app without having to fill in credentials every single time...
Related
Is there any way by which we can either bypass or handle the Touch ID/Face ID authentication while running our Flutter integration tests wether in emulator or on a real device?
There is no way to interact with those iOS system popups from Flutter integration tests. The same applies to requests for permission like location or camera access.
You can mock the classes that trigger the popups to get around this, i. e. extend the original class and override the methods that trigger the system popup to just return the expected value. You will then decide if you provide the mock or the real class to your app. For your device authentication problem this could mean you don't request real authentication and just return true. For the permission request you need to run the app at least once manually and confirm the permissions. Subsequent runs can be automated integration tests that skip the requests and just assume the user confirmed.
I'm just starting a new project. The result will be an API server and a progressive web app. The API server is implemented with TypeScript and the NestJS framework, the client with Angular 6.
I've been flirting with keycloak for some time. Still, I'm not quite sure it's right for me yet. But I don't want to worry about things like token renewal anymore and find it sexy that Keycloak tells me how to create user roles.
What bothers me, is the following - integration. For my use case it is necessary that the login and all features like password reset and so on are part of my application. That means I want to create forms myself in order to be able to do this perfectly in my own design and not have a second translation process, etc. Keycloak themes are not an option. So is it possible to hide keycloak in such a way, or is it so complex that I shouldn't use Keyloak in the first place? Afaik there is already an issue with password resets - I can't request it from the user side but have to make an REST call to the admin endpoint - which is okay but not ideal since it requires me to do more server side logic ( and that is not why I want to use Keycloak).
In addition, Keycloak is too much about the GUI - which makes it difficult for me, especially during development. Because I also want to provide my team with a local instance of keycloak during development. But what is the concept to import the initial data into realms, apps and also users into Keycloak? I found some JSON imports - but so far only for realms and apps. Is there also a function to import a whole dumb?
So that my team builds on a pre-built setup and has a user for each role. A reproducible setup with Vagrant or Docker which contains the import of initial data - that would be the goal.
So in short my questions:
Is it still worth the effort using Keycloak if I want to use everything via the API or should I simply use Passport and JWT?
Can I have a reproducible setup during my development that includes realms, apps, users, user roles, etc?
So, the question asked few months ago, but I also faces with that question, and I want to answer on it.
I think that you don't need Keycloak, it is fairly enough for you to use OAuth2 and JWT.
Let's justify my answer:
You have just one client - Angular application. Keycloak useful, when you have many clients (web-js, mobile platforms) and you want to create and manage them dynamically. But, I think that, in your case, you create your client once without modification in the future.
Also, Keycloak very useful, when you have a lot of integration with third part systems (Google, Fb, Twitter and etc) because Keycloak has them out-of-box. Or you need to integrate with some SAML or LDAP provider.
You may use Keycloak, if you need some Identity and User management platform, and when you have complicated user access flow.
In the end, you could consider Keycloak, if you need SSO (Single Sign On) feature. Once logged-in to Keycloak, users don't have to login again to access a different application. But, by your description, you have just one application.
Keycloak offers features such as Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console.
It's an out of box solution for rapid security layer development of application.You could have single common security layer for multiple application .
You can implement you security mechanism without using keycloak.
I need integrate Liferay (version 6.2) with another service which stores information about users. Communication with service occurs through SOAP.
Is it possible use users from service to authenticate to Liferay?
Liferay integrates with external systems through LDAP already. If you use that interface, you're set. If you need a proprietary API to access user information, you will have some work in front of you.
It might be worth examining the SSO implementation and intercept newly authenticated users on this level: With the user's identity, create or update a Liferay user account on the fly through LIferay's API. To me this looks like the most promising approach from an effort/maintenance point of view, with the little information I have about your situation.
Alternatively you could batch-update all (Liferay-) user accounts from time to time, based on updates in your external system.
Let me see if I understand what need:
1- Step 1: User prompted with A login page.
2- Step 2: The credentials entered by the user are checked against a web service (could be any service)
3- Step 3: The user is either logged in or an auth error displayed to the user.
If that's what you need, then create an autologin hook. The code that call the webs service shall live in the autologin hook.
May seem intimidating, but it is trivial: likely liferay comes with a bunch of them: (take one of them as a template)
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin
I have been asked to use ember for front end and java rest services as the backend. I am trying to figure out how to manage session for a particular user.
i know there are couple of options like storing in the local store, cookie but they are error prone as some users might disable those features. I want to know what is the preferred approach in normal enterprise apps.
Mine app is simple 15 page app. i need to capture user, and some profile details.
Session are usually more of server side part. You have to just make sure whether the provided session is available or not for every transformed route and request. There is a library which takes care of authentication and authorization in ember https://github.com/simplabs/ember-simple-auth.
Currently incorporating other forms of login to my application(facebook, etc), which retain session information differently than my native login. Currently doing some testing in memory constrained conditions, where the application will be freed to release the resources; when this happens I would like to clear the back stack so that the user won't be returned to an activity in an invalid state and will be returned to the login activity, but only for users who are logged in via authentication from a third party service(with the native login the state can be restored fine).
I know you can clear the back stack by setting clearTaskOnLaunch to true in the manifest, however, I would like to be able to change the value at run time(depending on their login method), but was unable to find anything on here or the developer site suggesting that clearTaskOnLaunch was accessible via the java code. Any ideas?
Note, I plan on making the state information restore more elegantly for third party registration in the future, this is just the "good enough" solution for the time being.