saleor-testing

# Saleor Testing

## Before writing code

**Fetch live docs**:
1. Web-search `site:github.com/saleor/saleor pytest conftest fixtures` for Saleor's test setup and existing fixtures
2. Web-search `site:docs.saleor.io app testing webhooks` for App testing patterns and webhook verification
3. Web-search `site:docs.saleor.io graphql API testing` for GraphQL query and mutation testing approaches
4. Fetch `https://github.com/saleor/saleor/blob/main/conftest.py` and review root-level test configuration
5. Web-search `site:docs.pytest.org fixtures factory_boy django` for pytest fixtures and factory_boy integration

## Test Architecture

Saleor follows a layered testing approach:

| Layer | Tool | Purpose |
|-------|------|---------|
| Unit tests | pytest | Test individual functions, utilities, and model methods |
| Integration tests | Django test client | Test GraphQL API endpoints with database |
| App tests | pytest + httpx/requests-mock | Test App webhooks, signature verification |
| E2E tests | pytest + API client | Test full user flows through the API |

## Pytest Setup

### Core Configuration

| File | Purpose |
|------|---------|
| `pytest.ini` / `pyproject.toml` | Pytest settings, markers, default flags |
| `conftest.py` (root) | Shared fixtures, database setup, API clients |
| `conftest.py` (per-app) | App-specific fixtures and helpers |

### Essential pytest Settings

| Setting | Value | Purpose |
|---------|-------|---------|
| `DJANGO_SETTINGS_MODULE` | `saleor.tests.settings` | Test-specific Django settings |
| `--reuse-db` | Flag | Reuse test database across runs for speed |
| `--no-migrations` | Flag | Skip migrations; create tables directly |
| `-x` | Flag | Stop on first failure during development |
| `-n auto` | Flag | Parallel execution with pytest-xdist |

### Key pytest Plugins

| Plugin | Purpose |
|--------|---------|
| `pytest-django` | Django integration, database access, settings override |
| `pytest-xdist` | Parallel test execution |
| `pytest-mock` | Mock and patch utilities |
| `pytest-asyncio` | Async test support |
| `pytest-vcr` | Record and replay HTTP interactions |
| `pytest-factoryboy` | factory_boy integration with pytest fixtures |

## Django Test Client for GraphQL

Saleor's GraphQL API is tested using Django's test client:

### API Client Pattern

| Component | Description |
|-----------|-------------|
| Test client | Django `Client` or `RequestFactory` for HTTP requests |
| Endpoint | POST to `/graphql/` with query and variables |
| Authentication | Set `HTTP_AUTHORIZATION` header with JWT or App token |
| Content type | `application/json` for standard queries |

### Authenticated Request Patterns

| Actor | Header | Token Source |
|-------|--------|--------------|
| Anonymous | None | No authentication |
| Customer | `Authorization: Bearer <jwt>` | `tokenCreate` or test fixture |
| Staff user | `Authorization: Bearer <jwt>` | Staff user fixture with permissions |
| App | `Authorization: Bearer <app-token>` | App token fixture |

## GraphQL Test Helper Pattern

### Response Assertion Patterns

| Assertion | What to Check |
|-----------|---------------|
| Status code | `assert response.status_code == 200` |
| No errors | `assert "errors" not in content` or `content["data"]["mutation"]["errors"] == []` |
| Data present | `assert content["data"]["query"]["field"] == expected` |
| Permission denied | `assert content["errors"][0]["extensions"]["exception"]["code"] == "PermissionDenied"` |
| Validation error | Check `errors` array in mutation response for field-level errors |

## factory_boy Factories for Saleor Models

### Core Model Factories

| Factory | Model | Key Fields |
|---------|-------|------------|
| `UserFactory` | `User` | email, first_name, last_name, is_staff |
| `ProductTypeFactory` | `ProductType` | name, has_variants, is_shipping_required |
| `ProductFactory` | `Product` | name, product_type, category, slug |
| `ProductVariantFactory` | `ProductVariant` | product, sku, track_inventory |
| `CategoryFactory` | `Category` | name, slug, parent |
| `CollectionFactory` | `Collection` | name, slug |
| `ChannelFactory` | `Channel` | name, slug, currency_code |
| `WarehouseFactory` | `Warehouse` | name, slug, address |
| `OrderFactory` | `Order` | user, channel, billing_address |
| `OrderLineFactory` | `OrderLine` | order, variant, quantity |
| `CheckoutFactory` | `Checkout` | channel, email, shipping_address |
| `VoucherFactory` | `Voucher` | code, type, discount_value |
| `ShippingZoneFactory` | `ShippingZone` | name, countries |
| `ShippingMethodFactory` | `ShippingMethod` | name, type, shipping_zone |

## Testing Apps

### Webhook Payload Validation

| Test Aspect | What to Verify |
|-------------|----------------|
| Payload structure | JSON schema matches expected format |
| Required fields | All mandatory fields are present |
| Data accuracy | Payload values match the triggering event |
| Serialization | Dates, decimals, and enums serialize correctly |

### Signature Verification Testing

| Step | Description |
|------|-------------|
| 1. Get key material | For JWS (default): use test JWKS; for legacy HMAC: use App secret key |
| 2. Sign payload | Create valid JWS/HMAC signature for the test payload |
| 3. Set header | Include signature in the `Saleor-Signature` header |
| 4. Verify in App | App verifies signature and processes payload |
| 5. Test mismatch | Verify App rejects requests with invalid signatures |

## Testing GraphQL Queries and Mutations

### Query Test Pattern

| Step | Description |
|------|-------------|
| 1. Create test data | Use factories to set up products, channels, etc. |
| 2. Execute query | Send GraphQL query via test client |
| 3. Assert results | Verify returned data matches created test data |
| 4. Test filtering | Verify filters, search, and pagination work |
| 5. Test permissions | Verify unauthorized users cannot access data |

### Mutation Test Pattern

| Step | Description |
|------|-------------|
| 1. Set up prerequisites | Create required related objects |
| 2. Execute mutation | Send mutation with valid input |
| 3. Assert success | Check response for data and no errors |
| 4. Verify database | Query the database to confirm changes persisted |
| 5. Test validation | Send invalid input and verify error messages |
| 6. Test permissions | Verify only authorized users can execute |

## Fixture Patterns

### Commonly Needed Test Fixtures

| Fixture | Provides |
|---------|----------|
| `staff_user` | Authenticated staff user with configurable permissions |
| `customer_user` | Authenticated customer with address |
| `channel_USD` | Default USD channel |
| `product` | Product with type, category, variant, and channel listing |
| `order` | Order with lines, addresses, and payment |
| `checkout` | Checkout with lines and shipping address |
| `warehouse` | Warehouse with stock for test variants |
| `shipping_zone` | Shipping zone with methods and channel listing |

## CI/CD Pipeline Integration

| Stage | Tests | Configuration |
|-------|-------|---------------|
| Pre-commit | Linting, type checks | `pre-commit` hooks with `ruff`, `mypy` |
| Unit tests | Fast, isolated tests | `pytest -x --no-migrations -q` |
| Integration tests | API and database tests | `pytest --reuse-db -n auto` |
| Coverage | Code coverage report | `pytest --cov=saleor --cov-report=xml` |
| App tests | Webhook and App tests | `pytest tests/apps/ -v` |

## Best Practices

- Use factory_boy factories instead of manual object creation for consistency
- Test both success and error paths for every mutation
- Verify permissions by testing with unauthenticated, customer, and staff users
- Use `@pytest.mark.django_db` on all tests that access the database
- Mock external services (payment gateways, shipping carriers) in unit tests
- Test webhook signature verification (JWS/HMAC) with both valid and invalid signatures
- Keep test fixtures composable and avoid deeply nested dependencies
- Run tests in parallel with `pytest-xdist` for faster CI pipelines
- Use `assertNumQueries` to catch N+1 query problems in resolvers

Fetch the Saleor testing and pytest documentation for exact fixture patterns, test client setup, and CI configuration before implementing.