Troubleshooting
How to Fix Element Selectors in Wolfpack?
Managing CAPTCHA in Your Automated Tests with Wolfpack
Using Emails in Test Scenarios with WolfPack
API
Generate an API key
Send Test Results via the Wolfpack API
Trigger test execution via the Wolfpack API

Managing CAPTCHA in Your Automated Tests with Wolfpack

CAPTCHAs are designed to detect human users and prevent malicious bots, but they can be an obstacle when automating tests. This guide will help you manage CAPTCHA in your tests with Wolfpack, providing you with tips and workarounds.

Solution 1 (recommended) - Configure the CAPTCHA service for automated tests in test environments

To bypass CAPTCHA during automated tests, it is also possible to configure the CAPTCHA service to recognize test requests and bypass them. Here are some approaches you can use depending on your CAPTCHA provider:

  • Test Keys: Some CAPTCHA services offer specific keys for test environments. These keys allow you to use CAPTCHA functionality without blocking automated tests.
  • Environment Configuration: Configure your CAPTCHA service to disable verification in specific environments (such as a staging environment). This way, CAPTCHAs won't be an obstacle during your automated tests.
  • Whitelist Usage: If your CAPTCHA service allows it, add the IP addresses of your test environments to a whitelist to avoid CAPTCHA prompts during tests.

Focus on reCAPTCHA

If you use reCAPTCHA, here are some specific strategies to facilitate automated tests:

  • Use reCAPTCHA Test Key (V2 only): Google provides public test keys that always return valid or invalid responses to facilitate test automation. You can use the following keys:
    • Site Key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
    • Secret Key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWeThese keys work only in test mode and are not intended for production use.
  • Disable reCAPTCHA in Staging Environment: Add conditional logic in your application to disable reCAPTCHA when the application is running in a staging or test environment.
  • Simulate Responses: For local tests, you can simulate reCAPTCHA responses directly in your code, based on certain headers or request parameters indicating that it is an automated test.

These solutions allow you to effectively manage CAPTCHA in automated test contexts without compromising the security of your application in production.

Solution 2 (if you must absolutely test in production mode) - Use custom headers to bypass CAPTCHA

2.1 Modify your app's code to facilitate tests

To facilitate the automation of your tests on your own site, in production mode, you can add logic that allows bypassing CAPTCHA only for authorized test accounts. Here is an example of code that you can implement in your server to achieve this:

    
// Configuration of authorized test accounts
const secureTestUsers = {
  email: ['test@yourdomain.com'],
  token: ['your-secret-token']
};

// Verification middleware
const bypassSecurityForTests = async (req, res, next) => {
  const testHeader = req.headers['x-test-auth'];
  const userEmail = req.body.email;

  if (
    process.env.ALLOW_TEST_BYPASS === 'true' &&
    secureTestUsers.token.includes(testHeader) &&
    secureTestUsers.email.includes(userEmail)
  ) {
    // Bypass security only for authorized test accounts
    req.skipRecaptcha = true;
    return next();
  }
  // Otherwise, proceed with normal security
  next();
};

With this middleware, when the ALLOW_TEST_BYPASS environment variable is enabled, requests from authorized test accounts (identified by email and secret token) can bypass CAPTCHA, thus facilitating your automated tests.

2.2 Configure your project to use the bypass header

In Wolfpack, you can add custom headers in your project settings, under the Browser tab. To bypass CAPTCHA during your tests, you can use a specific header to indicate that the request comes from an automated test.

Here are the steps to follow:

  1. Go to your project settings, then to the Browser tab.
  2. Add a custom header, for example:
    • Key: x-test-auth
    • Value: your-secret-token

Make sure your server recognizes this header to decide whether to bypass the CAPTCHA.

3. Best Practices for Automated Tests with CAPTCHA

  • Use Test Environments: If possible, deploy your application in a test environment where CAPTCHAs are disabled.
  • Use Test Accounts: Limit CAPTCHA bypassing to specific test accounts to ensure the security of your application.
  • Keep Track of Changes: CAPTCHA services can evolve. Make sure to update your bypass logic according to the changes made.

4. Limitations

Keep in mind that bypassing CAPTCHA often requires modifications to server code and may not be possible for third-party services. For sites you do not control, consider using specific workarounds, such as using third-party services to solve CAPTCHA manually.

gerer-les-captcha-dans-vos-tests-automatises-avec-wolfpack
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Terms of servicePrivacy policyLegal informationsContact