Have you ever imagined a situation where a tester has to sit and execute thousands of test cases manually? How long would that take? couple of weeks? Now imagine re-execution of the same scenarios over and over again. For a tester that can be exhaustive and time consuming.
With the advent of automation testing tools the burden on the tester as well as the industry was brought down drastically, and the new era of automation testing has began. When I started automating the web it felt like some magic is happening, until I realised how the tool was working. Now there are hundreds of open source tools available in the market, but Selenium still stays close to my heart.
In this article let us look into how to handle Basic auth and Digest auth using Selenium. We will start with understanding what each of them is before we jump into Selenium
What is Basic Auth and Digest Auth
Authentication is a process of verifying who the user is.
In case of Basic authentication, base64 encoding is used to generate cryptographic string, which contains the information of username and password. As this is not a secure implementation, and transmits the password as plain text, it should be used over encrypted transport layer i.e. HTTPS.
Digest authentication, on the other hand uses encryption. Server provides the client a nonce(Number which can be used once), by combining it with username, realm, password and URI request, client runs it through MD5 hashing method. Which then will be passed to server and gets validated.
Handling Authentication Using Selenium
Now let’s see how above mentioned auth types can be handled using Selenium
Method1:
One can directly pass the username and password in the URL. Well this method works fine, but this varies from browser to browser and version. Safari does not entertain such format and simply ignores the credentials passed.
Example:
import org.openqa.selenium.chrome.ChromeDriver;
import org.testng.annotations.*;
public class SeleniumTests {
@Test
public void handleBasicAndDigestAuth() throws InterruptedException {
//Initialise chrome driver
System.setProperty("webdriver.chrome.driver","/Users/******/chromedriver");
ChromeDriver driver = new ChromeDriver();
String appUrl = "http://admin:admin@localhost:5000";
// maximize the browser window
driver.manage().window().maximize();
//Open the application under test
driver.get(appUrl);
}
}The above method is definitely not a best practice to follow, as this is a quick way fo account compromise.
Method 2:
Second method is to use AutoIT or Sikuli tool. But that would work only on windows. Because of platform dependence AutoIT is not recommended.
Method 3:
Selenium 4 recently added support in their alpha version to handle basic and digest auth using register method. Sample code can be found below.
import org.openqa.selenium.HasAuthentication;
import org.openqa.selenium.UsernameAndPassword;
import org.openqa.selenium.chrome.ChromeDriver;
import static org.assertj.core.api.Assumptions.assumeThat;
import org.testng.annotations.*;
public class SeleniumTests {
@Test
public void handleBasicAndDigestAuth() throws InterruptedException {
//Initiate chrome driver
System.setProperty("webdriver.chrome.driver","/Users/*****/chromedriver");
ChromeDriver driver = new ChromeDriver();
String appUrl = "http://localhost:5000";
// register the auth details
assumeThat(driver).isInstanceOf(HasAuthentication.class);
((HasAuthentication)driver).register(UsernameAndPassword.of("me","me"));
// maximize the browser window
driver.manage().window().maximize();
//Navigate to URL
driver.get(appUrl); //You can add steps to validate home page
}
}
Note: this is a new feature of Selenium 4, to use Chrome Devtools Protocol(CDP) to automate certain functions that are not available using WebDriver protocol and is a bridge technology until the webdriver bidirectional protocol is developed by W3C and subsequently implemented by browser vendors.
In Summary
The article above focuses mostly on handling basic and Digest auth and its demonstration using Selenium can do. Stay tuned for some more advanced topics on Automation testing
