Lab #4: Writing acceptance tests with behat - WidgetsBurritos/drupal-test-writing GitHub Wiki

Problem Statement

Your stakeholders weren't extremely thrilled to find out your system had these security vulnerabilities. This has caused bad publicity for the company, and they want to be assured that this won't happen again. But since they aren't developers, they don't understand PHP-based or Javascript-based tests.

The Decision: Write User Acceptance Tests

Write some very simple acceptance tests with behat to prove this issue has been resolved once and for all.

Running the Tests

Before we begin, let's ensure the existing test is working as expected. We can do so by running this command:

ddev ssh
cd /var/www/html
behat

The response should contain the following text:

Feature: Powered by Drupal

  Scenario:                                                          # features/drupal/powered-by.feature:4
    When I visit "/"                                                 # Drupal\DrupalExtension\Context\MinkContext::assertAtPath()
    Then the response should contain "Welcome to Drush Site-Install" # Drupal\DrupalExtension\Context\MinkContext::assertResponseContains()
    And the cache tag "|http_response|" is present                   # FeatureContext::theCacheTagIsPresent()
    And the cache context "|url.path.is_front|" is present           # FeatureContext::theCacheContextIsPresent()

Writing the Acceptance Test

1. Create a new file called features/drupal/my-message.feature (Note that this is not installed in your custom module, but rather stored at the top level of your project.)

2. Define the feature and add a description:

   Feature: My Message
   
     Verify that the "My Message" route correctly handles user roles.
   

3. Add a scenario verifying unauthenticated users:

     Scenario: Verified unauthenticated users
       When I am on "/my-message"
       Then the response status code should be 403
       And the response should contain "You are not authorized to access this page."
       And the response should not contain "You are logged in"
       And the response should not contain "You are special"
       And the response should not contain "You have yet another privilege"
   

4. Run the behat tests. If all went well all of the tests should still be passing.

5. Add a scenario checking for the my super secret privilege permission:

     Scenario: Verify users with "my super secret privilege"
       Given I am logged in as a user with the "my super secret privilege" permission
       When I am on "/my-message"
       Then the response status code should be 200
       And the response should contain "You are logged in"
       And the response should contain "You are special"
       And the response should not contain "You have yet another privilege"
   

6. Rerun the tests. You should see a failure like this:

   No ability to create roles in Drupal\Driver\BlackboxDriver. Put @api into your feature and add an API driver (ex: api_driver: drupal) in behat.yml. (Drupal\Driver\Exception\UnsupportedDriverActionException)

7. Add @api above the scenario and try again. The tests should pass this time.

8. Now you decide you want to add tests for users with these other permission combinations as well:

   • yet another privilege
   • access content
   • yet another privilege + my super secret privilege

9. At this point you should realize you are repeating a lot of the same syntax over and over again in your scenarios. Try to rewrite these scenarios using a scenario outline instead.

Need Assistance?

If you're stuck, have a look at Pull Request #5