Servoy 5.2.1, Enhanced Security and Unit Tests

Hi all,

When we updated to Servoy 5.2.1 and enabled the Enhanced Security, all of our unit test solutions started failing. The unit test solutions were modified to use a “dummy” login and authenticator solutions which needed to setup the necessary security context but we are getting very inconsistent results when running the unit tests. The errors are very odd - for example, missing forms, whole modules not being loaded, etc.

Has anyone made the unit tests work with the Enhanced Security enabled and if yes, what are the necessary steps to do that.

Thanks in advance for your help!

Rossen,

Do you want to run your unit test without login handling or do you want to specifically test the enhanced security flow in a unit test?

Rob

Hi Rob,

To begin with, if the Enhanced Security is enabled on the developers workstations, all solutions loaded require a login - this applies even when running Unit Tests.

In addition, certain methods which are being tested require application user context (for example, if a table column auto enter value is set to Creation Username, Modification Username, etc. without a logged in user they default to null), some business logic methods which are being tested also use the current user name (using security.getUserName()). We also have unit tests related to the login process and our custom authentication and permission checks.

In short, for our specific purposes, we would like the unit tests to run with the same security context as the regular application. For this purpose we created a dedicated unit test login and authenticator solutions - the login solution on load uses the authenticator to create an “unit test” user account and calls the security.login(); when the unit test solution unloads, it deletes the unit test user account along with any unit test data created in the test database (we use again the unit test user account to “tag” all test records - this way each unit test session has an unique user account and multiple tests can run concurrently against the same database).

What we found is that in order for the test login solution to be loaded during the unit test runs, we need to add a stub unit test method in it, otherwise the unit test client does not even load it. Unfortunately, it appears that the same applies to any other module referenced by the solution to be tested - since they are the “regular” modules used by the application and do not have any test methods in them, they do not get loaded (or at least do not get loaded on every unit test run). We believe that this is causing the “missing” forms.

Here is the sample structure:

test_login (on load, calls the authenticator to create the unit test user account for the unit test run session)
test_authenticator (creates a new unit test user account for each unit test run session)
test_solution (contains the actual unit tests; this solution is the “Active” one and the “Run Unit Tests” is invoked from its context)
solution_to_be_tested (contains the methods being tested by the unit tests)
referenced_module_a (module, referenced by the solution_to_be_tested)
referenced_module_b (module, referenced by the solution_to_be_tested)
referenced_module_c (module, referenced by the referenced_module_a and referenced_module_b)

Hopefully this explains in more detail the scenario in which we are trying to use the unit tests and the Enhanced Security.

Rossen,

Enhanced security is only checked in 1 place, when a (remote) smart client contacts a Servoy Application Server.
When you are running code that is already inside the Application Server (webclient, headless client, unit test client) this flag has no effect.

You can simply use your test_solution without test_login and test_authenticator.
Your user management can be done in test_solution.onOpen() and/or the setUp()/tearDown() functions.

The issue you see with some modules not loading is caused by a race condition in the unit test client when using a login solution, when you switch to this approach, this issue does not occur.

Rob