Perform real HTTP requests when needed

[azmeuk]

Here is my usecase: my application authenticates against an OAuth2 server, and I want to test how my app behaves during the user authentication phase. Usually it goes like this:

• users try to access to a protected endpoint
• the endpoints redirects to the authentication server
• the authentication server logs the users in if needed and get user consent if needed
• it redirects back to a given endpoint in the application
• that application endpoints performs a new request to the authentication server and gets a token that authenticates the user

Currently in my tests, I run a basic authentication server wsgi application in a thread. You can see a real world example in pytest-iam, but a nominal case looks for example like:

def test_nominal_case(iam_server, user, testclient)
    # attempt to access a protected page
    res = testclient.get("/login")

    # authorization code request (already logged in an consented)
    res = requests.get(res.location, allow_redirects=False)

    # access to the application redirection URI
    res = testclient.get(res.headers["Location"])

While this is functional, making the call to requests by hand (or any other http lib) is cumbersome, and I think this would be nice if webtest could manage this. This would make the test looks like this:

def test_nominal_case(iam_server, user, testclient)
    # attempt to access a protected page
    res = testclient.get("/login")

    # authorization code request (already logged in an consented)
    res = res.follow()

    # access to the application redirection URI
    res = res.follow()

There may be restrictions to set up, like for instance only perform requests for given domains like localhost.

What do you think? Should this belong in webtest or in another library? We could think of a lib webtest-requests that would bring this behavior for instance. If this could be done in webtest, what http lib should be used?

[gawel]

Hi, to me you have to mock/avoid external calls. So this feature makes no sense in webtest itself. Maybe it's doable in another library but be aware, this will be very tricky.

I've made some effort 10y ago to use selenium with webtest but this was too messy https://github.com/gawel/webtest-selenium/blob/master/webtest_selenium/sel.py#L210

[stevepiercy]

Nowadays, I hear more often Playwright > Cypress > Selenium. There are other similar tools, but they all have quirks and other considerations, such as who backs the tool.