Functional testing of an app using pyramid_cas (Apereo CAS)

Rafael Lopez

Jul 28, 2023, 3:40:56 AM
I've started porting my apps away from pyramid_ldap to pyramid_cas to rely on the university's CAS SSO and match other apps developed in-house by my department.

I started on a smaller app, and while the transition went fine, I am stuck with tests that cannot possibly pass or go on because, as far as I can tell, I can't get my test user recognized as logged in.

In normal usage, the way it works is: go to a restricted page => forbidden_view => redirect to SSO, login there => redirected back with a ticket => decode it => validate auth => view page. When testing, I can't just pass a random user/password to the external SSO and expect it to work, and using my own login/password is also out.

I tried the suggestions from, tried setting the headers of a TestRequest.blank, but nothing works, I can't get the app to recognize my test user as authenticated, so it will try to redirect and fail not-gracefully. I could take a week or two and see if I can manage to run an ersatz of my university's CAS server using the docker image from Apereo, but I'd rather spend that time resting or working on proper projects ;p

I'm using Pyramid 1.10.8, yes I know I need to move on, but that's for later. What would be the best way to test the parts of my app that require authentication without having to actually do a full CAS SSO authentication?


Jonathan Vanasco

Jul 31, 2023, 12:55:16 PM
There are a few ways I have done this.

1. In the functional tests, just rely on the headers being set/unset. Then test the full SSO to set headers on integrated tests.
2. If the SSO functions use the Requests library, you can use Responses to mock the response. This way you can simulate an SSO on the functional tests.

> tried setting the headers of a TestRequest.blank, but nothing works

You should debug why that's failing.
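
Added example, not part of the thread: a stdlib-only variant of the second suggestion above, using `unittest.mock` in place of Responses to serve a constructed CAS 2.0 `serviceValidate` reply so the ticket check runs without a CAS server. `validate_ticket`, the CAS base URL and the sample XML bodies are assumptions for illustration, not pyramid_cas code.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from unittest import mock

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_URL = "https://cas.example.edu/cas"  # placeholder CAS base URL (assumption)

# Constructed CAS 2.0 serviceValidate bodies (not captured from a real server).
SUCCESS = (b'<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           b"<cas:authenticationSuccess><cas:user>testuser</cas:user>"
           b"</cas:authenticationSuccess></cas:serviceResponse>")
FAILURE = (b'<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           b'<cas:authenticationFailure code="INVALID_TICKET">'
           b"Ticket ST-bad not recognized</cas:authenticationFailure>"
           b"</cas:serviceResponse>")


def validate_ticket(ticket, service):
    """Hypothetical stand-in for the app's ticket check: user id or None."""
    query = urllib.parse.urlencode({"ticket": ticket, "service": service})
    with urllib.request.urlopen(f"{CAS_URL}/serviceValidate?{query}") as resp:
        root = ET.fromstring(resp.read())
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None


def fake_cas(body):
    """Build a urlopen replacement that serves `body` and records requested URLs."""
    calls = []

    def _urlopen(url, *args, **kwargs):
        calls.append(url)
        resp = mock.MagicMock()
        resp.read.return_value = body
        resp.__enter__.return_value = resp  # support `with urlopen(...) as resp`
        return resp

    return _urlopen, calls


def run_with_fake_cas(body, ticket, service="https://app.example.edu/"):
    """Validate `ticket` against a simulated CAS reply; no network traffic occurs."""
    fake, calls = fake_cas(body)
    with mock.patch("urllib.request.urlopen", fake):
        return validate_ticket(ticket, service), calls
```

Asserting on the recorded URL as well as the returned user confirms the test exercised the validation path rather than bypassing it, and the failure body checks that a rejected ticket never yields an authenticated user.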

