Lately I’ve been spending a bunch of time filling in the gaps in the functional and unit tests for a SaaS product I develop. One of the areas that needed more tests was our integration with Xero. The biggest challenge to solve? Getting past the authenticator challenge in an automated functional test.
At first I tried just disabling 2FA for the demo account I had set up. Unfortunately, every subsequent login (whether automated or not) prompted for 2FA to be set up.
The solution? I ended up using the Spomky-Labs/otphp library.
First, install spomky-labs/otphp with Composer.
composer require spomky-labs/otphp
When setting up 2FA, Xero provides the option to configure your device using either a QR code (like most 2FA installations) or, alternatively, a manual key. Choose the manual key and save that somewhere handy in your test case. The manual key is the TOTP shared secret, so anyone who holds it can generate valid codes for that account.
Then set up your test as normal. After your test case has filled out the login prompt in Xero, just generate the relevant token and fill it in.
// Generate the OTP
$otp = OTPHP\TOTP::create("yourkeyhere");
// now() returns the code for the current time window
$token = $otp->now();
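As an added example (not code from the original post), here is one way to wrap the token generation so the secret stays out of the test source and the code is not generated in the last seconds of its 30-second window, where it can expire before the form is submitted. The function names, the `XERO_TOTP_SECRET` variable name, the 5-second margin and the demo key are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Assumes spomky-labs/otphp was
// installed with Composer in the current directory.
require __DIR__ . '/vendor/autoload.php';

use OTPHP\TOTP;

/**
 * Read the manual key from the environment instead of hard-coding it.
 * XERO_TOTP_SECRET is a hypothetical variable name.
 */
function totpSecretFromEnv(string $name = 'XERO_TOTP_SECRET'): string
{
    $secret = getenv($name);
    if ($secret === false || $secret === '') {
        // Fail loudly: a missing secret should stop the test run, not
        // produce a confusing login failure later on.
        throw new RuntimeException("$name is not set");
    }
    return $secret;
}

/**
 * Return a code that stays inside its time window for at least
 * $minRemaining seconds, waiting for the next window when needed.
 */
function freshTotpCode(string $secret, int $minRemaining = 5): string
{
    $totp = TOTP::create($secret);
    $period = $totp->getPeriod();               // 30 seconds by default
    $remaining = $period - (time() % $period);  // seconds left in this window

    if ($remaining < $minRemaining) {
        // Too close to rollover: by the time the browser submits the form
        // the code may belong to the previous window.
        sleep($remaining);
    }
    return $totp->now();
}

// Constructed demo key so the block runs as-is. In the real test, call
// freshTotpCode(totpSecretFromEnv()) instead.
$token = freshTotpCode('JBSWY3DPEHPK3PXP');
echo $token, PHP_EOL;
```

Set the variable in the CI system's secret store or a local, untracked environment file, and keep the demo account separate from any account that holds real data.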
Then fill out the input with the token you’ve just generated. Using PHPUnit with Selenium, something like this: