Is it possible to have Wetator work with 2 factor authentication

[LandauJ]

Hello. I am using Wetator to test some internal applications at IBM Canada. I like the way it navigates web-pages and verifies basic content -- serving as a kind of 'sanity test' that everything is intact. My issue now is with two-factor authentication (i.e. a system where a one-time code is sent to a phone or email as a second level of authentication for additional security). This is becoming more and more popular. I am trying to think of ways to have wetator handle this. One way might be a 'stop' for a manual input step (awkward, but would allow the test case to continue). Another way might be for Wetator to allow for completely manual authentication before it starts with executing the test case. I have had it working fine with the simple authentication (where I put a user id and password in the config file), but am trying to see how I can get around the two-factor authentication. Has anyone else ran into this issue? Does anyone have any suggestions as to how to proceed.

[rbri]

Hello,

glad to Wetator is of some use for you.

From my point of view, the application login game is a real tricky part for every integration testing. One solution i have seen is to introduce a special test user that does not need the second factor step. But this introduces a (small) security risk.

If you really like to support the SMS way i can think of something like this

• write your own command (adding specific command implementations is already supported) that stops and wait for the sms to come in (e.g. start a small http server and wait for a rest call)
• install one of these wait-for-sms-and-make-rest-call app on a smartphone and configure the app to call your rest service
• configure a test user to have the phone number of the forwarder smartphone
• if the rest call is received, get the number from the call and proceed

So far my quick ideas about this.

[LandauJ]

Hi. Thanks so much for the quick response. We appreciate it. We are interested in the way that may support SMS, and we do not mind doing manual steps for the login. I know I can use the wait command to introduce a delay. Can you suggest how I might interrupt the Wetator test at that point to wait for manual steps (i.e. credential input, either one or two steps), and then resume the automated flow. This 'manual interruption' for login will not impede the way we use Wetator, as we use it to verify the intactness of our builds, not necessarily as part of a fully automated build process (i.e we can baby-sit it as it runs and do manual steps). If you can suggest some code sample of how this might be accomplished, we would appreciate it. Thanks.

[rbri]

Hi @LandauJ

did some hacking this morning... not really complete but i hope you can start testing with this.

Please

• download the latest snapshot build 2.5.beta1 (https://jenkins.wetator.org/view/Wetator/job/wetator/) and update to this version
• enable the incubator command set in your wetator.config (if not already done)
• now you have a new command named 'enter-variable'
  • the first required parameter is the name of the variable (in the same for as you define a variable in the config) e.g. [dollar]smsResult (sorry for the strange writing of the dollar sign here but markdown...); you can also use $$smsResult to define a secret var (no value shown in the reports)
  • the second optional parameter is the label text for the input dialog

Sample:

enter-variable || $$smsResult || Please enter the number from the SMS you just got
set || Verification code || ${smsResult}

[rbri]

have updated the snapshot to support secret input

[LandauJ]

Hi: We appreciate this very much. A bit tied up with other things now, but will indeed get to this and report back to you. Jerrold Landua

…

On 2022-08-25 14:38, RBRi wrote: have updated the snapshot to support secret input -- Reply to this email directly, view it on GitHub [1], or unsubscribe [2]. You are receiving this because you were mentioned.Message ID: ***@***.***> Links: ------ [1] #19 (comment) [2] https://github.com/notifications/unsubscribe-auth/A2S47JWPJWLVIE6WGRSGM3TV264TLANCNFSM566KO5CA

[rbri]

@LandauJ take your time...

[LandauJ]

Hello again. I have gotten back to looking at wetator (after several diversions -- as usual). I was able to download the beta. However, I am now running into a new problem on the 2 apps for which I am trying wetator (both are written with node.js and react components). Now, I am not even able to get to the SSL. The initial url does not materialize. I also tried the non beta build (2.3), and I get the same errors -- so it is not an issue with the beta. It perhaps is an issue with the methodology used in our apps (both have been refactored to some degree since I last tried in late August). I know it is impossible to debug through github conversations -- but I am wondering if you have heard any reports, or have any insights into these errors I am now receiving when running wetator, and before the initial url (which would demand SSL) even loads. I get different errors for each of the two apps, again consistent on wetator 2.3 and the beta. Here are the errors (any insights are appreciated): Executing javascript on page failed (reason: 'TypeError: Cannot find function format in object [object NumberFormat]. and Executing javascript on page failed (reason: 'TypeError: Cannot find function reduce in object 89,238,45,232,140,78,227,170,177,111,46,150,24,62,125,173,167,153,182,184,212,253,128,87,197,67,129,153,190,228,4,196

[rbri]

Hi @LandauJ,

Cannot find function format in object [object NumberFormat]

This was something missing in HtmlUnit - now fixed.

TypeError: Cannot find function reduce in object

The reduce function is available for array - i have no idea why this failed. Do you have any more details - maybe you can send me the html report file by private mail?

Have made a new snapshot build including the latest HtmlUnit snapshot (please make sure to replace the whole lib directory).