tags:

views:

123

answers:

4
+1  Q: 

Unit testing when developing a website?

After learning about TDD and unit testing, I'm really looking to write tests when I code, preferably before I code because I see the benefits coding in Python. I'm developing a website, and I'm trying to write tests according to the requirements, but its proving more difficult than expected.

I can see the benefits of writing tests when you're producing a library of code with a public interface for others to use. Developing a website, where there is really not much logic, and mostly Reading and Writing against a database seems a little harder to unit test. Mostly, I have to create/edit/delete rows in the database.

I'm using a framework (Kohana 3 for php), so 99% of all the libraries and helpers that I'm going to be using have already been tested (hopefully), so what else is their to write tests for?

I'm mostly talking about scripting languages, not about CSS or HTML, I already know about cross-browser testing.

How much can you really test when developing a web site, and how should you go about it?

Edit: Is the lack of activity on this question a sign? I understand that certain things MUST be tested, like security and the like, but how much can be written using unit tests and TDD is the question.

Thanks.

A: 

How about testing security?

If your website involves databases, test against SQL Injection and access control. http://databases.about.com/od/security/Database_Security_Issues.htm

If your website includes forms and such, test for proper validation, as well as validation of any other input and output data.

If your website has users, test for authentication and session management.

The OWASP Top 10 list for 2010 comprises:

  1. injection
  2. cross-site scripting (XSS)
  3. broken authentication and session management
  4. insecure direct object references
  5. cross-site request forgery (CSRF)
  6. security misconfiguration
  7. insecure cryptographic storage
  8. failure to restrict URL access
  9. insufficient transport layer protection
  10. unvalidated redirects and forwards

Hope this helps.

Hristo  2010-07-27 19:22:14
-1: good information, but it's not information about unit testing and tdd.
John Saunders  2010-07-27 19:30:07
@John... I was just answering his last question "How much can you really test when developing a web site, and how should you go about it?" I don't know much about unit testing and tdd, but I felt like my answer was relevant to the last question in the post.
Hristo  2010-07-27 19:32:03
@Hristo: I see your reasoning, but if you re-read that, I think you'll agree that when he said "testing" in that sentence, he was referring to unit testing and tdd, just like he was in the rest of the question.
John Saunders  2010-07-27 19:45:07
@John... well thanks for at least telling me why you downvoted my answer... instead of just blindly shooting me down.
Hristo  2010-07-27 19:53:22
@John... check out the selected answer. Do you think that it is information about unit testing and tdd? I don't think so... even the user who posted the question thinks its not related to unit testing. I think I deserve my point back.
Hristo  2010-07-27 21:33:37
This is an answer to the OP's question. +1.
apollodude217  2010-07-29 16:33:15
@apollodude... thanks!
Hristo  2010-07-29 22:37:24
+2  A: 

Developing a website, where there is really not much logic, and mostly Reading and Writing against a database seems a little harder to unit test. Mostly, I have to create/edit/delete rows in the database.

Not completely true.

You have data model processing. Does the validation work? Do the calculations on the reported rows from the database work?

You have control, sequence and navigation among pages -- do the links work? The test setup will provide a logged-in-user. The test will (1) do a GET or a POST to fetch a page, then (2) confirm the page actually loaded and has the right stuff.

You have authorization -- who can do what? Each distinct test setup will provide a different logged-in-user. The tests will (1) attempt a GET or POST to process a page. Some tests will (2) confirm they got directed to error-response pages. Some tests will (2) confitrm that the GET or POST worked.

You have content on the page -- what data was fetched? The test setup will provide a logged-in-user. The test will (1) do a GET or a POST to fetch a page, then (2) confirm the page actually loaded and has the right stuff.

S.Lott  2010-07-27 20:08:42
I understand all that, but how much of that can be unit tested? i can see testing validation and authentication, but how do you test if links work using unit tests?
BDuelz  2010-07-27 20:18:05
Maybe your use of "test unit" is confusing here. Everything needs to be tested, and a fundamental aspect of the 'net is that it's OS-agnostic. Get yerself a computer, load up your site, and see if it works. That's as good of a test unit as you'll need.
eykanal  2010-07-27 21:26:38
@eykanal: "load up your site, and see if it works". Vague, unrepeatable and not automated. If you wrote a unit of code for the site, you must test that unit of code -- in isolation. It can't be any simpler. If you wrote it, you must make a discrete unit of it and test it. That's all.
S.Lott  2010-07-27 22:33:46
+1. I get what your saying now.
BDuelz  2010-07-27 22:59:40
I guess I was a little confused, i always thought unit tests were supposed to be independent of everything else (like DB's)... If I make a test to ensure that I get the right data out of the database, would'nt that depend on the right data being in the database in the first place?
BDuelz  2010-07-27 23:08:45
@user166814: There are two ways to test DB access. (1) Mock the database. This is usually silly. (2) Trust (and use) the database to test your application's proper access. Totally mocking everything gets silly. Using the database to test your application is typical. Some argue that using the DB isn't "unit" testing, but they don't have a better term for it. It's okay to be flexible.
S.Lott  2010-07-28 00:46:43
@S.Lott: I wasn't familiar with the phrase "unit testing". If others are confused as I was, [this post](http://stackoverflow.com/questions/1066572/what-should-a-unit-be-when-unit-testing) has a good discussion of unit testing.
eykanal  2010-07-28 04:30:10
@S.Lott: I think the statement "mock the database is usually silly" is an overstatement. I don't do much web development, but I found that using something like a Repository to mediate the access to the database helps a lot: it gives you something to unit test, and you can test it with a mock so that you don't have to work against a real database.
Mathias  2010-07-28 07:32:26
@Mathias: I work with a test database populated with a test fixture all the time. I don't mock the database; I use a test instance of the production database populated with test data. Mocking the database is usually silly because it's often easier (and a better test) to use a test instance of the real database populated with test data.
S.Lott  2010-07-28 10:16:22
+1  A: 

Have you tried Selenium? It allows you to automatically do almost anything in a web browser. For example, you could have it go through and click all of the links and make sure that they go to the correct url.

It works with multiple languages, including python and allows for testing in chrome, firefox, ie, and other browsers.

SC Ghost  2010-07-27 20:35:34
Just a dissenting opinion: http://blog.objectmentor.com/articles/2010/01/04/ui-test-automation-tools-are-snake-oil
apollodude217  2010-07-29 16:36:15
A: 

If your site contains many forms, how do you write them? Do you write each view using plain HTML? Or do you write your own form helpers that generate forms just the way you want them? If you do that, you may find that unit-testing your form generators makes it easier to write them.

In general, if your program is mostly CRUD, look out for ways to automate CRUD management; write your own custom CRUD generator. Which does not mean write the CRUD framework that will end all frameworks; that would be too much work. Just write a generator for the small things you need for your current application. TDD will help you there.

xpmatteo  2010-07-30 15:03:27

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?