WIP: Passwords in ERP5 tests (!771) · Merge Requests · nexedi / erp5

WIP: Passwords in ERP5 tests

( this is far from being finished and not actively being worked on these days. Here are some notes below of what I remember about the current state and the ideas for next )

It's a security problem that runUnitTest starts a webserver without password for manager user.

But it's convenient for debugging / development ... at least developer running tests on his machine needs a way to know the password and it would be better if that password does not change every test run.

The general idea:

ERP5TypeTestCase user gets a random password.
every time test create user we give them a random password.
by default there's a manager user whose login and password are set as manager_username and manager_password class attributes. Many tests where creating a new manager user, but they should be able to use this existing user.
maybe we don't need this patch to allow empty passwords in publish method anymore.
Zelenium test seem harder, because we need to know the password and include it in the html tables for selenium. When we render the table, usually it's done when logged as manager ( I think ), so maybe generate a password from the test page template.

( this is far from being finished and not actively being worked on these days. Here are some notes below of what I remember about the current state and the ideas for next )

It's a security problem that runUnitTest starts a webserver without password for manager user.

The general idea:
 * ERP5TypeTestCase user gets a random password.
 * every time test create user we give them a random password.
 * by default there's a manager user whose login and password are set as `manager_username` and `manager_password` class attributes. Many tests where creating a new manager user, but they should be able to use this existing user.
 * maybe we don't need this patch to allow empty passwords in `publish` method anymore.
 * Zelenium test seem harder, because we need to know the password and include it in the html tables for selenium. When we render the table, usually it's done when logged as manager ( I think ), so maybe generate a password from the test page template.

Edited 2019-06-28 05:37:37 UTC

Check out branch

Request to merge jerome:feat/passwords-in-tests into master (1371 commits behind)

Discussion 0
Commits 7
Changes 21
{{ resolvedDiscussionCount }}/{{ discussionCount }} {{ resolvedCountText }} resolved

@jerome Jérome Perrin
@jerome
mentioned in merge request slapos!420
2018-10-12 08:44:27 UTC

mentioned in merge request slapos!420

Toggle commit list

Please register or sign in to post a comment

WIP: Passwords in ERP5 tests

Check out, review, and merge locally

This merge request contains merge conflicts