Tuesday, May 27, 2008

Web Lecture 4 – XML, API, SOA


XML Example – Extensible Markup Language 1

Example for testing PLS Server (Playlist) which uses XML data format 2

API - Application Program Interface 3

Some Popular Open APIs 3

Testing Radio365 API (api_login.cgi) with Fiddler 3

How to Test: 5

MORE on AJAX 5

MVC with Service Oriented Architecture (SOA) 7



XML Example – Extensible Markup Language

The Live365 Genres directory can be presented with different skins and on different devices

(Example: http://www.live365.com/cgi-bin/directory.cgi?genre=latin and same genre in Radio365 software presented by http://www.live365.com/cgi-bin/directory.cgi?genre=latin&site=xml )

  • XML - is data description language

  • Works in conjunction with HTML

  • XML tags are defined by you

  • XML uses DTD (Document Type Definition) or XML schema to describe data


(Example: http://www.live365.com/xml/def/api/api_login_cgi.xsd )


There are two levels of correctness of an XML document:

Well-formed. A well-formed document conforms to all of XML's syntax rules. For example, if a start-tag appears without a corresponding end-tag, it is not well-formed. A document that is not well-formed is not considered to be XML; a conforming parser is not allowed to process it.

Valid. A valid document additionally conforms to some semantic rules. These rules are either user-defined, or included as an XML schema or DTD. For example, if a document contains an undefined element, then it is not valid; a validating parser is not allowed to process it.

Element names are case-sensitive. For example, the following is a well-formed matching pair: <Step> ... </Step>


Few Testcases:

Validate XML for api_login.cgi

  1. Use http://www.validome.org/xml/validate/, type a url (http://www.live365.com/cgi-bin/api_login.cgi?format=xml ) and click ‘Validate’ button, review results

  2. Schema validation (Where to get a location of schema – launch xml format for api_login.cgi - http://www.live365.com/cgi-bin/api_login.cgi?format=xml and observe xsi:schemaLocation(http://www.live365.com/xml/def/api/api_login_cgi.xsd). Now validate here http://www.w3.org/2001/03/webdata/xsv , type schema location url and review results

  3. When testing on Staging(Test) Environment use downloadable XML validator like – stylus studio( http://www.stylusstudio.com/xml_parsers.html )

Example for testing PLS Server (Playlist) which uses XML data format

URL: http://www.live365.com/pls/front?viewType=xml&handler=playlist&handle=easytempo&cmd=view

Diagram Provided (VISIO)

Example: http://www.live365.com/pls/front?viewType=xml&handler=playlist&handle=pianoradio&cmd=view

HTML wrappers for this pls call:

http://www.live365.com/mini/playlist.html?station=mdumond&hide=WT&ads=0&site=pro

http://www.live365.com/mini/playlist.html?station=mdumond&hide=WT&ads=0&site=live365


Observe in Fiddler pls requests (GET)

Parameters:

handler=playlist

cmd=view

handle=[afl:]station

viewType=html|xml

maxEntries=N


Writing few testcases for PLS XML Data:

..

Bug examples

1. For VIP listeners handle should be afl:name

2. WISH, BUY, INFO, RATING events are not recorded in Applause table when issued from VISTA (WindowsMediaPlayer 11) (http://www.live365.com/pls/front?viewType=html&handler=playlist&handle=pianoradio&cmd=view)


3. PLS skinning doesn’t work:

var PLS_server = web_server + "/pls/front?handler=playlist&cmd=view&site=tokyma&handle=";

http://www.live365.com/pls/front?viewType=html&handler=playlist&handle=pianoradio&cmd=view&site=pro


4. maxEntries param doesn't work – still a bug at live365:

in /pls/front?viewType=html call, it works in viewType=xml only
CALL:http://www.live365.com/pls/front?handler=playlist&cmd=view&viewType=html&handle=lana_mus&maxEntries=1 (always displays 3)



API - Application Program Interface

You can think about API as a waiter in the restaurant, you order dishes by their names, sometimes even by numbers (parameters in API request). Waiter brings it to the kitchen. Chef cooks ordered dishes. Each dish may have many ingredients and Chef may have many helpers (server side scripts, libraries, application server, Database). Eventually waiter comes back with your dishes (return can be in different formats like XML). Then finally you eat and decide if your dish choice matches to the dish (for example in API if you said you are a VIP, you should be granted VIP access and have VIP privileges). When you are eating you are testing

Some Popular Open APIs

Flickr has an open Application Programming Interface (API for short). This means that anyone can write their own program to present public Flickr data (like photos, tags, profiles or groups) in new and different ways. There's a long list of API methods available (http://www.flickr.com/services/ )


How to use it: To perform an action using the Flickr API, you need to select a calling convention, send a request to its endpoint specifying a method and some arguments, and will receive a formatted response.


Request and response formats can vary:

Request Formats

Response Formats


(Example: show it with Fiddler: http://www.airtightinteractive.com/projects/flickr_postcard_browser/app/)


Many partners use XML format for these calls to see returned data in a simple non GUI format.

Testing Radio365 API (api_login.cgi) with Fiddler

Download Radio365 here: http://www.live365.com/downloads/radio365-win/

API call example:

http://www.live365.com/cgi-bin/api_login.cgi?action=device_check&org=org&device_type=Radio365Win2&set_cookies=N&version=4&device_version=2%2E0%2C%20build%2023&remember=Y&auth=9dde0c37f3159ac0346717a2835f4509-1210733404-010c65fbe9a00&tm=1311&lang=en&format=xml


Some General Rules on Testing APIs:

  1. Test valid inputs

  2. Test default values (remember=Y)

  3. Test invalid inputs and proper Error Handling

  4. Test bogus inputs

  5. Test blank inputs

  6. Test all methods/actions Isolated

  7. Test methods/actions in Sequence/Flow

  • action=device_check, then action=login

  • action=login, then action=logout, action=login

  1. Test all parameters and at least one value for each

  2. Test required parameters, could vary depending on action

  3. Fiddle with Data before sending Request or when receiving Response

    • Try to get a Free Trial after it Expires

    • Fake new device_id

    • Try to login as VIP with non VIP username

  4. Make sure if APIs public auth code and session used to access data

  5. Parameters shouldn’t be repeated in requests or responses

  6. Request from a Software shouldn’t set cookies in a Browser

For Radio365 ask the following questions first:

  1. Is it a new application or an upgrade?

  2. Is it a new API or an Update?

  3. What is the main feature that touches API calls?

  • Now you do not have to be logged in to use Radio365

  • Also you can listen as a VIP in free trial for 5 days

  • Secure Login (no username and password in clear) for requests with version=4, if version=2 (valid request may have name and password)

  • User login remembered by default

  • Session ID properly formatted (F… (Free trial), R… (Expired), V...(VIP))

  1. If an upgrade, what changed in API requests? (Set of unique parameters to create an entry for unique device_id in Database in order to issue a Free Trial)

  2. Where new valued being sent? – Database Table below:

*The parameters have to be unique so there will not be a war situation of the same device_id users listening


Device_TLH_TRACKERS Oracle DB Table




DEVICE_ID

APP_ID

REMAINING_TIME

LANGUAGE

VERSION

0b7d1887ae00

live365:Radio365Win

83911

english

1.0

0b7d1887ae00

live365:Radio365Win2

431845

en

2.0, build 25

0b7d1887ae00-1113970304

live365:Radio365Win2

432000

en

2.0, build 27











SESSION_ID

CREATED

TOUCHED

SCHEME

06/07/2005 10:53:32

10/04/2005 15:43:57

Radio365Win-35

0:FE507vRs3Qu0aF65

05/20/2008 15:02:30

05/20/2008 15:05:05

Radio365Win-5D

0:FE40mMkPNuYN0j64

05/27/2008 11:33:04

05/27/2008 11:33:04

Radio365Win-5D


  1. How does application knows which state user is in? – By reading XML response from api_login.cgi


How to Test:

  1. Draw the main Testcases for Radio365 application when api_login.cgi being executed (Example provided)

  2. Make a matrix of all parameters (Homework)

    • to get request and response in Fiddler click on request URL in Web Sessions Pane, Then click menu 'Edit', Select 'Copy'->select Session (then paste it to your document - observe both request and response copied)

/cgi-bin/api_login.cgi?action=device_check


&org=live365&device_type=Radio365Win2&set_cookies=N&version=4&device_version=2%2E0%2C%20build%2023&remember=Y&auth=625d62559c76d0e7ca183bab954e21a0-1210092164-019d12f703000&tm=1031&lang=en&org=live365


/cgi-bin/api_login.cgi?action=check


&org=live365&device_type=Radio365Win2&set_cookies=N&version=4&device_version=2%2E0%2C%20build%2023&remember=Y&auth=bdf0f6c604d755c49901bf8292114a5b-1210096480-019d12f703000&sessionid=drew66:FE90yQs0WYSYTuE9&tm=3892802&lang=en&org=live365


/cgi-bin/api_login.cgi?action=logout


&org=live365&device_type=Radio365Win2&set_cookies=N&version=4&device_version=2%2E0%2C%20build%2023&remember=Y&auth=5bd958600d8fbd673bdb14b98417e727-1210096590-019d12f703000&sessionid=drew66:FE90yQs0WYSYTuE9&tm=4001961&lang=en&org=live365


/cgi-bin/api_login.cgi?action=login


&org=live365&device_type=Radio365Win2&set_cookies=N&version=4&device_version=2%2E0%2C%20build%2023&remember=Y&auth=a6d3ae4589dbaac661cc95ef4a8cb027-1210096609-019d12f703000&member_name=drew66&epassword=c3944e38d71ae7f7b6b8e9c5efd1e145-1210096609-drew66&tm=4021665&lang=en&org=live365

  1. Test by specification on new features and make sure to apply General rules of API testing also

  2. Writing a list of Testcases (XLS matrix)



MORE on AJAX

Please watch a video explaining some basic concepts

http://www.sitepoint.com/videos/videoajaxintro1/ (enter your email address for video link)



MVC with Service Oriented Architecture (SOA)

Model-view-controller (MVC) is an architectural pattern, which at the same time is also a Multitier architecture, used in software engineering. In complex computer applications that present a large amount of data to the user, a developer often wishes to separate data (model) and user interface (view) concerns, so that changes to the user interface will not affect data handling, and that the data can be reorganized without changing the user interface. The model-view-controller solves this problem by decoupling data access and business logic from data presentation and user interaction, by introducing an intermediate component: the controller.


SOA - is a style of IT architecture that delivers enterprise agility and Boundaryless Information FlowTM.

Service-Oriented Architecture (SOA) is an architectural style that supports service orientation. Service orientation is a way of thinking in terms of services and service-based development and the outcomes of services.

A service:

  • Is a logical representation of a repeatable business activity that has a specified outcome (e.g., check customer credit; provide weather data, consolidate drilling reports)

  • Is self-contained

  • May be composed of other services

  • Is a “black box” to consumers of the service


SOA style It is based on the design of the services – which mirror real-world business activities.

SOA separates functions into distinct units (services), which can be distributed over a network and can be combined and reused to create business applications.


Read some examples here: http://blogs.zdnet.com/service-oriented/?p=508

And Some testing Tools for SOA here: http://soa-testing.blogspot.com/


Homework

  1. Make a flowchart for VIP user login with Radio365

  2. Validate XML document and its schema (http://www.live365.com/cgi-bin/directory.cgi?genre=wedding&site=xml)

8
Posted by at No comments:

Tuesday, May 13, 2008

Website testing lectures

Posted by at No comments:
Subscribe to: Posts (Atom)