Thursday, 10 October 2019

cypress

1. login programmatically without using UI

    cy.request('POST', '/login', {
      username,
      password
    })


2. compared to selenium, cypress is consistent 'cause it's running inside browser

3. assertion
  • should/and

4. auto complete
  • /// <reference types="cypress" />

5. fixture (it's like property file)

6. cypress has its own locator inspector after navigating to webpage

7. stub
cy.intercept('GET', '/api/users', { fixture: 'users.json' }).as('getUsers');
cy.visit('/users');
cy.wait('@getUsers');       //stub /api/users and wait for it, real api is not called


8. wait
  • cy.visit('/users');   //only waits for page load
  • can add the code below to wait for an api call to finish
cy.intercept('GET', '/api/another-resource').as('getAnotherResource');
cy.wait('@getAnotherResource');



Wednesday, 9 January 2019

security

1. public key (certificate) vs private key
  • used in asymmetric cryptography
  • public key and private key are mathematically related
  • what's encrypted with public key can only be decrypted by private key

  • server generates public/private key pair
  • server sends public key to client in SSL/TLS certificate (any website with an https address uses SSL/TLS)
  • client uses CA to verify certificate is legit

2. trustStore vs. keyStore
  • trustStore is normally on client side and is used to store public key (certificate) from trusted CA
  • client will encrypt message with public key
  • keyStore is normally on server side and stores private key and public key pair
  • server uses private key to decrypt client message
  • you can have trustStore and keyStore on both client and server side, if client also needs to authenticate itself to server

3. .crt file vs .key file
  • crt file is public key (certificate)
  • key file is private key

4. .p12 file vs .jks file
  • p12 file holds both private and public key
  • jks file holds both private and public key
  • jks is for java applications and p12 is supported across different platforms

6. ssl certificate chain
  • end user certificate
  • intermediate certificates
  • root certificate
  • when installing the end user certificate, you must bundle all intermediate certificates and install them along with the end user certificate
  • the list of certificates, from root to end user, represents the certificate chain

7. ca bundle
  • ca bundle is a file that contains root and intermediate certificates
  • end user certificate + CA bundle = certificate chain

8. 2-way authentication (see link)

9. get certificate from browser

10. how to add cert file to java truststore

11. cors
  • domain 1 is not allowed to call domain 2 api (access domain 2 assets) unless the correct Access-Control-Allow-* header is set in domain 2 api

12. ssh
  • public key is stored on the ssh server
  • private key is stored on the ssh client

reference