There are two ways a logout in SAML can happen: Service Provider (SP) initiated and Identity Provider (IDP) initiated logout. I'll explain how to implement both flows with devise_saml_authenticatable
.
Note
SAML also supports a
SOAP
and anArtifact
binding to do this. This guide only refers toPOST
andRedirect
bindings.devise_saml_authenticatable
does not supportSOAP
andArtifact
bindings.
When the user clicks on Logout
within the app, the app can trigger...
tl;dr
Prefer request specs over end-to-end tests (Capybara) to joyfully test file downloads!
Testing file downloads via Capybara is not easy and results in slow and fragile tests. We tried different approaches and the best one is just okay.
Tests for file downloads via Capybara ...
A Rails script lives in lib/scripts and is run with bin/rails runner lib/scripts/...
. They are a simple tool to perform some one-time actions on your Rails application. A Rails script has a few advantages over pasting some prepared code into a Rails console:
Although not part of the application, your script is code and should adhere to the common quality standards (e.g. no spaghetti code). However, a script...
There are a few tools to combat the dreaded n+1 queries. The bullet gem notifies you of missing eager-loading, and also if there is too much eager-loading. strict_loading in Rails 6.1+ forces developers to explicitly load associations on individual records, for a single association, for an entire model, or globally for all models.
But you can also actually **write spe...
Here are some hints on best practices to maintain your tasks in larger projects.
lib/tasks/*
.lib/scripts/*
as folder.For readability and testing it's easier to keep your tasks slim.
Example:
lib/gitlab/maintenance_tasks/user_export.rb
:
module Gitlab
module MaintenanceTasks
class UserExport
...
I recently stumbled over a problem that my feature tests broke in CI because of a mismatching chromedriver version.
In this specific project we have a fixed Chromium version in a Debian 12 environment instead of Chrome. The tests however used a recent chrome version instead.
$ chromedriver --version
ChromeDriver 117.0.5938.149 (e3344ddefa12e60436fa28c81cf207c1afb4d0a9-refs/branch-heads/5938@{#1539})
$ chromium --version
Chromium 117.0.5938.149 built on Debian 12.1, running on Debian 12.1
> WARN Selenium [:selenium_manager] The chromed...
For my computer science bachelor's thesis I programmed and evaluated a CLI Test Case Prioritization (TCP) tool for makandra. It has been written as a Ruby Gem and was tested and evaluated against one Ruby on Rails project. This card will summarize and present the research results, the evaluation and the programmed CLI tool.
The code has been published for educational purposes on GitHub. The german bachelor's thesis has also been included for download at the end.
...
You can tell npm
to install a package globally with npm -g install @puppeteer/browsers
. However, it seems that its not possible that npx
can run commands from global packages without referencing the global package path.
Installing @puppeteer/browsers
globally:
$ npm -g install @puppeteer/browsers
The globally installed package @puppeteer/browsers
can not be access via npx
:
$ npx --no-install @puppeteer/browsers
npm ERR! canceled # Error message when package is not installed
But it is installed g...
Rails offers several methods to manage three types of different cookies along with a session storage for cookies. These are normal, signed and encrypted cookies.
By following the happy path of testing a web application, that is only the main use-case is tested as a integration test and the rest as isolated (more unit ...
Debugging your integration tests, that run a headless Chrome inside a docker image, is tricky.
In many cases you can connect your Chrome to a remote docker container like docker-selenium, which should be the preferred way when you try to inspect a page within your integration test.
Otherwise you might be able to start your docker container with --net=host
and access your local chromedriver in the host address space host.docker.internal
.
If both options above don't work for you here is a...
Testing your responses in Rails allows to parse the body depending on the response MIME type with parsed_body
.
get '/posts.json'
response.parsed_body # => [{'id' => 42, 'title' => 'Title'}, ...]
For JSON APIs we often parse the response as symbolized keys with JSON.parse(response.body, symbolize_names: true)
, which is not supported by parsed_body
. For all other cases you might want to drop JSON.parse(response.body)
and replace it w...
Jasmine specs for the frontend often need some DOM elements to work with. Because creating them is such a common task, we should have an efficient way to do it.
Let's say I need this HTML structure:
<ul type="square">
<li>item 1</li>
<li>item 2</li>
</ul>
This card compares various approaches to fabricating DOM elements for testing.
While you can use standard DOM functions to individually create and append elements, this is extremely verbose:
let list = document.createElement('...
You can use the code below to check whether the browser can make connections to the current site:
await isOnline() // resolves to true or false
navigator.onLine
While you can use the built-in function navigator.onLine
(sic), it is only a hint for whether the device can access the Internet.
When navigator.onLine === false
you know for certain that the user device has no connection to the Internet. This mea...
Testing file download links in an end-to-end test can be painful, especially with Selenium.
The attached download_helpers.rb
provides a download_link
method for your Capybara tests. It returns a hash describing the download's response:
details = download_link('Download report')
details[:disposition] # => 'attachment' or 'inline'
details[:filename] # => 'report.txt'
details[:text] # => file content as string
details[:content_type] # => 'text/plain'
Compared to [other approaches](...
While verifying doubles in RSpec is a good default, it is limited in the amount of methods it actually is able to verify.
The background is that RSpec can't verify dynamically defined methods, which is a known issue for the usage of helper_method and also the reason why [RSpec >= 3.6](http://rspec.info/blog/2017/05/rspec-3-6-has-been-rel...
When the order matters:
expect(array1).toEqual(array2)
Regardless of order:
expect(array1).toEqual(jasmine.arrayWithExactContents(array2))
Ignoring extra elements:
expect(array1).toEqual(jasmine.arrayContaining(array2))
RSpec's let
allows you to super
into "outside" definitions, in parent contexts.
Example:
describe '#save' do
subject { described_class.new(attributes) }
let(:attributes) { title: 'Example', user: create(:user) }
it 'saves' do
expect(subject.save).to eq(true)
end
context 'when trying to set a disallowed title' do
let(:attributes) { super().merge(title: 'Hello') } # <==
it 'will not save' do
expect(subject.save).to eq(false)
end
end
end
I suggest you don't make a habit of using this regula...
A flaky test is a test that is often green, but sometimes red. It may only fail on some PCs, or only when the entire test suite is run.
There are many causes for flaky tests. This card focuses on a specific class of feature with heavy side effects, mostly on on the UI. Features like the following can amplify your flakiness issues by unexpectedly changing elements, causing excessive requests or other timing issues:
When testing JavaScript functionality in Selenium (E2E), you may need to access a class or function inside of a evaluate_script
block in one of your steps. Capybara may only access definitions that are attached to the browser (over the window
object that acts as the base). That means that once you are exporting your definition(s) in Webpacker, these won't be available in your tests (and neither in the dev console). The following principles/concepts also apply to Sprockets.
Say we have a StreetMap
class:
// street_map.js
class S...
https://tableconvert.com/ is an online tool to convert tables between different formats (e.g. json, markdown, csv).
It also has a button to transpose a table ("rotate" it by 90 degree).
The tool can be handy if you have tests with large markdown tables for testing contents of a flat json structure or csv.
Please note that you should not use it with sensitive data (like all online tools in general).
The pages […] allow you to see different types of mixed content and test how they behave in your browser. The "Secure" pages are referencing assets with HTTPS, the "Non-Secure" pages are referencing them with HTTP. Generally, you'll observe the same behavior with both Secure pages and the Secure HTTP page for a given test; the behavior will change on the Non-Secure HTTPS page.
Also see Testing HTTPS with badssl.com.
When testing with Cucumber / Caypbara, iframes are ignored, so you can't interact with them.
To interact with your iframe, you have to explicitly tell your driver to use it.
You can reference your iframe either through it's id, or if none given, by it's number:
When /^(.*?) inside the (.*?). iframe$/ do |nested_step, frame_number|
page.within_frame(frame_number.to_i) do
step nested_step
end
end
When /^(.*?) inside the (.*?). iframe:$/ do |nested...
FactoryBot allows to create traits from Enums since version 6.0.0
The automatic definition of traits for Active Record enum attributes is enabled by default, for non-Active Record enums you can use the traits_for_enum
method.
factory :user do
traits_for_enum :role, %w[admin contact] # you can use User::ROLES here, of course
end
is equivalent to
factory :user do
trait :admin do
role { 'admin' }
end
trait :contact do
role { 'c...
Select2 is a fantastic library for advanced dropdown boxes, but it depends on jQuery.
There is a selectize.js
fork called Tom Select. It is well tested, comes with Bootstrap 3, Bootstrap 4 and Bootstrap 5 styles and is easy to use. You might miss some advanced features.
Known issues: