{"id":2436,"date":"2015-02-18T02:02:12","date_gmt":"2015-02-18T07:02:12","guid":{"rendered":"http:\/\/qxf2.com\/blog\/?p=2436"},"modified":"2018-06-21T00:48:21","modified_gmt":"2018-06-21T04:48:21","slug":"api-testing-python-mechanize","status":"publish","type":"post","link":"https:\/\/qxf2.com\/blog\/api-testing-python-mechanize\/","title":{"rendered":"API Testing with Python Mechanize"},"content":{"rendered":"

This is the third part in our series on API testing. Rather than focus on traditional approaches to API testing, we have decided to arm you with tools that let you interact with the API at different levels of abstractions. In part I<\/a> we showed you how to inspect the API calls of any web application. In part II<\/a>, we gave examples of UI tools that could help you interact and mimic the API calls. In this third part, we will show you how you can use a higher level scripting language to interact with the API and write scripts that are repeatable and robust. <\/p>\n

For this tutorial, we have chosen to use the Python module Mechanize. We use these API test scripts in a couple different ways. One, to test the API themselves. Two, to quickly setup complex test scenarios. Using scripts that work off the API to setup test scenarios is more robust and much faster than using GUI automation. <\/p>\n

\n

Why Mechanize?<\/h3>\n

We<\/a> love Python. So naturally this tutorial uses Python. There are plenty of good Python modules to use for API tests. For simple tasks, we love the Requests module<\/a> which has a very clean and intuitive interface. For this tutorial, we have chosen to use Mechanize. Mechanize emulates the browser and makes it easy to handle authentication, sessions and cookies. It also helps us get past some sticky areas where the application API is not very clean and you need the browser to make requests. Of course, Mechanize comes with some drawbacks – like a lack of support for PUT, DELETE, PATCH HTTP methods. Qxf2 went through the source code and wrote our own ‘Missing Manual<\/a>‘ that now makes Python Mechanize extremely powerful. We have used Python Mechanize for the past two years now and have found it suitable for our API testing needs.<\/p>\n

\n

Overview<\/h3>\n

In part 1<\/a>, we used the developer tools to inspect the http requests\/responses. We used DropTask<\/a> as the application under test. DropTask is a free web based task and project management application that offers a visual approach towards managing daily workloads. For this tutorial, we will:
\n1. Login to DropTask
\n2. Get the account details
\n3. Delete an existing task<\/p>\n

While this workflow may seem odd\/not-realistic to professional testers, we chose these specific steps to keep this blog post at a reasonable length while still illustrating some common ways in which we expect you to use Mechanize when testing your web application. We highly recommend you scan Part I<\/a> of our tutorial if you have not yet already read it.<\/p>\n

\n

Implementation details using Python Mechanize<\/h3>\n

1. Login to DropTask<\/strong>
\nHere the browser url is set to DropTask login page. We make a POST request<\/strong> with the encoded parameters (email and password).
\n\"content-type<\/a><\/p>\n

\r\ndef login(self,username,password):\r\n        \" Login to Droptask \"\r\n        #Setup the login POST request\r\n        my_params={'email':username,'password':password}                \r\n        params_encoded = urllib.urlencode(my_params) \/\/Content-Type = 'application\/x-www-form-urlencoded'\r\n        self.browser.method='POST'\r\n        login_response= self.browser.open(self.url,data=params_encoded)\r\n        \r\n        #Verifying that the login was successful.\r\n        #We have chosen to check if we were taken back to the login page or not\r\n        forms = mechanize.ParseResponse(login_response, backwards_compat=False)        \r\n        if (len(forms)!=0) and (forms[0].find_control(\"password\") is not None): #If we were redirected to the login page forms[0].find_control(\"password\") would not be None indicating that Login failed\r\n            self.write(\"Login failed\")\r\n            return False\r\n        else:\r\n            self.write(\"Login success\")\r\n            return True\r\n<\/pre>\n
2. Get the account details<\/strong>
\nOn successful login, we make a GET request<\/strong> with Unix timestamp in the url parameter to get the account details about templates, tasks, users, groups, workspaces etc. This call is an example where imagination and deduction shine through. We looked at the GET call in developer tools and were wondering what the cryptic number was. After trying a few calls in rapid succession and noticing that the number only slightly changed, we were able to guess that it had something to do with a timestamp. The number beginning with ’14’ made us guess its a Unix timestamp. And the guess turned out to be right! Given that DropTask seems to support real-time collaboration (see the calls to pubnub<\/a> in the screenshots?), it makes sense for the GET request to indicate that it wants the latest account details.<\/p>\n
\r\ndef get_account_details(self):\r\n        \" Get account details.\"\r\n        #Current unix timestamp in milliseconds is needed!\r\n        curr_time = int(time.time())*1000\r\n        url = \"https:\/\/www.droptask.com\/v1\/account?%s\"%curr_time\r\n        response = self.browser.open(mechanize.Request(url=url))\r\n        self.account_details = json.loads(response.read())\r\n        return json.dumps(self.account_details)\r\n<\/pre>\n
3. Delete a given task<\/strong>
\nMechanize only supports GET and POST methods out of the box. To extend Mechanize to support the other HTTP methods, you can refer to our Mechanize tutorial<\/a>. To keep this post complete, you need to add this class to your test file:<\/p>\n
\r\nclass Mechanize_Delete_Request_class(mechanize.Request):\r\n    \"Extend the mechanize Request class to allow a HTTP DELETE\"\r\n    def get_method(self):\r\n        return \"DELETE\"\r\n<\/pre>\n
We are assuming you already have a task in a particular project. If not create one in your workspace\/project. To delete the task we need to make a DELETE<\/strong> request. Since different projects could have tasks of the same name, our method takes 2 parameters -project name and task name. Inspecting the delete API calls, we notice that DropTask’s API expects a workspace id and the task id to perform a delete. Using the project name we get the workspace id from the account details.<\/p>\n
\"json<\/a><\/p>\n
This workspace id and the task name(title) help us to get the task id. Using the task id we make a DELETE request.<\/p>\n
\"json<\/a><\/p>\n
Sample DELETE request when a task is deleted using the browser.
\n\"delete<\/a><\/p>\n
\r\ndef get_task_id(self,task_name,workspace_name):\r\n        \" Returns the task id for a given task in a project\"\r\n        self.task_id = None\r\n        workspace_id = self.get_workspace_id(workspace_name)\r\n        \r\n        if workspace_id is not None:            \r\n            for tasks in self.account_details['tasks']:\r\n                if tasks['workspace']== self.workspace_id and tasks['title']== task_name:\r\n                    self.task_id= tasks['_id']\r\n                    break\r\n\r\n        return self.task_id\r\n\r\ndef delete_task(self,task_name,workspace_name):\r\n        \" Deletes the given task by finding the task id\"\r\n        self.task_id = self.get_task_id(task_name,workspace_name)        \r\n        result = False\r\n        \r\n        if self.task_id is not None:\r\n            self.browser.method='DELETE'\r\n            del_task_res= self.browser.open(Mechanize_Delete_Request_class(\"https:\/\/www.droptask.com\/v1\/tasks\/%s\" % self.task_id))\r\n            self.write(\"Response Code for delete task %s is: %s\"%(task_name,del_task_res.code))\r\n            return del_task_res.code\r\n        else:\r\n            self.write(\"Could not find the given task :%s in workspace :%s\"%(task_name,workspace_name))\r\n            return None \r\n<\/pre>\n
\n
Notes<\/h3>\n
1. We did not have an opportunity to show you how to check response codes. With Mechanize, the response code for given response object is simply response.code
\n 
\n2. To the testing team at DropTask<\/strong>, as part of preparing for this post, we ended up writing a lot more code. We created a small library using the facade pattern<\/a> to quickly automate many of your API calls. We believe it will help you setup complex test scenarios quickly and robustly. Hit us up at mak@qxf2.com<\/strong> and we can share it with you.
\n 
\nThis ends our three part series on arming you with a range of tools for performing API testing. We would love to hear your feedback and questions in the comments section.<\/p>\n
\n