Third Party Developer Frontend
Please import all custom CSS in to :
To run the unit tests:
Component tests run within a browser to verify the component through various UI flows with mocked backend connections.
These tests rely on running ASSETS_FRONTEND
From the command line you can run the tests
sm --start ASSETS_FRONTEND sbt component:test
To run an individual feature you need to be running the app in stub mode locally and the glue needs to be set as component.steps in the test config.
Once the third-party-developer-frontend is running locally, it can be tested using OWASP Zed Attack Proxy (ZAP) which is a security tool that can be used to highlight any potential vulnerabilities: -
- Download and install ZAP.
- Install the latest scanners for ZAP by
Managing Add-onsand adding
Active scanner rules (beta)
- Ensure your local machine has Web Proxy (HTTP) enabled and local host set to the Port ZAP is running on (e.g.
- ZAP can be started to run on a specific port by running
/Applications/OWASP\ ZAP.app/Contents/Java/zap.sh -port 11000in terminal.
Various security tests can be run within ZAP and the different types of attacks are dependent on the service under test. In order to setup different tests and reporting thresholds: -
- Navigate to the
Scan Policy Managerwithin the
- Within the
Scan Policy Managercreate a new policy and set the different reporting and attack thresholds.
- Providing the proxy settings above are set, ZAP can monitor the local requests when certain user actions are completed.
- Once the request appears in ZAP, right click on it and select
- Select the policy tab and set the appropriate policy for the service under test.
- Select to start the scan.
- Once the scan is complete the security tests run against the service are displayed in the ZAP interface.
- Reports can also be generated and saved in various formats from the ZAP Report menu option.
- When running Zap tests on third-party-developer-frontend, the following user actions are an example of what can be included in the tests:
- Register new user
- Reset password
- Create Production and Sandbox applications
- Submit appliction for production credentials
- Add redirect URI
- Add team members Admin/Dev
- Change profile
- Edit application details
- Sign out survey
- Unit tests should make up the majority of tests so that test coverage should drop marginally when run against only unit tests.
- Component tests should be a thin layer of coverage on happy paths only to ensure that journeys hang together.