( this is far from being finished and not actively being worked on these days. Here are some notes below of what I remember about the current state and the ideas for next )

It's a security problem that runUnitTest starts a webserver without password for manager user.

But it's convenient for debugging / development ... at least developer running tests on his machine needs a way to know the password and it would be better if that password does not change every test run.

The general idea:

• ERP5TypeTestCase user gets a random password.
• every time test create user we give them a random password.
• by default there's a manager user whose login and password are set as manager_username and manager_password class attributes. Many tests where creating a new manager user, but they should be able to use this existing user.
• maybe we don't need this patch to allow empty passwords in publish method anymore.
• Zelenium test seem harder, because we need to know the password and include it in the html tables for selenium. When we render the table, usually it's done when logged as manager ( I think ), so maybe generate a password from the test page template.