Run dusk tests on production server?

Published 1 week ago by a_riehr

Hello, I really like testing my code, on unit level as well as on browser level. I especially like having control and being able to test the functionality with one click. However, maybe the process of deploying my website to the production server might introduce bugs, since it's a different environment. It would be perfect if I was able to run my tests on the production server itself. The dusk docs talk about some kind of security issue that would come with that... is that correct or is this a misunderstanding? Can I run my tests on the production server?

MikeHopley

You should not run Dusk on your production website, because it exposes insecure routes for automatically logging in as any user.

In other words, anyone could just visit your-site.com/_dusk/login/1 and log in as your administrator user (most likely).

It's also a really bad idea to run any tests against your production environment, as you can easily mess up and wipe your production database.

However, you can create a separate testing environment, either on the same server or an identically configured one. Dusk can then be run against this site. For example, testing.your-site.com.

This should of course have a completely separate database, with a different username and password. You probably also want to secure it so only you can access it (basic auth, and/or IP restriction).

a_riehr

Thank you for your answer. I don't quite understand why this route "your-site.com/_dusk/login/1" even exists, but maybe I just know too little about the way dusk works. I will set up a separate test environment on my production server. Thanks again for your advice.

MikeHopley

Those routes are convenient when writing your Dusk tests, because you can do this:

$browser->loginAs('[email protected]om')

...instead of this:

$browser->visit('/login')
    ->type('email', '[email protected]')
    ->type('password', 'superSecureAdminPassword')
    ->press('Log in')

As well as being a handy shortcut, it also runs a bit faster.

Please sign in or create an account to participate in this conversation.