CherryPy Essentials - Rapid Python Web Application Development

The CherryPy script that would serve the previous page could look like: import os.path import cherrypy class Root: @cherrypy.expose def index(self): Ajax [ 174 ] return file('ajaxdigest.html').read() class Hello: @cherrypy.expose def default(self, username): return "Hello %s" % username if __name__ == '__main__': r = Root() r.hello = Hello() current_dir = os.path.abspath(os.path.dirname(__file__)) def get_credentials(): return {'test': 'test'} conf = {'/hello': {'tools.digest_auth.on': True, 'tools.digest_auth.realm': 'localhost', 'tools.digest_auth.users': get_credentials}, '/MochiKit': {'tools.staticdir.on': True, 'tools.staticdir.dir': os.path.join(current_dir, 'MochiKit')}} cherrypy.quickstart(r, config=conf) When you access http://localhost:8080/, you should get the following page: Chapter 8 [ 175 ] If you enter the username test and password test, you will get the following view on your screen: On the other hand, if you provide wrong values, you would get a screen like this: Ajax [ 176 ] Unfortunately, the browser receives the message from the server about the authentication failure with 401 HTTP error code and handles it itself. As of today, there is no cross-browser way to avoid that issue so that the pop up does not appear. If you hit the Cancel button of the pop up, the browser then goes back to your JavaScript code and the error callback is applied. Moreover, since you cannot access the underlying session through the XMLHttpRequest object as it is handled by the browser, you cannot force a logout by suppressing the session credentials. The user has to close down the browser to disconnect from the application. Consequently, although XMLHttpRequest allows you to provide a fancier way to enable basic and digest authentication in your web application, there are still some pitfalls that need to be acknowledged. JSON As we have already seen in this chapter, in spite of carrying XML in its name, Ajax does not prevent other formats being carried. For instance, one extremely common format that you will see is JSON (JavaScript Object Notation). In a nutshell, JSON is a way to carry serialized JavaScript objects so that a JavaScript application can evaluate them and transform them into JavaScript objects that the application can manipulate. For instance, when the user requests the server for an album object formatted with the JSON format, the server would return the following content: {'description': 'This is a simple demo album for you to test', 'author': 'Sylvain'} We then use the evalJSONRequest() function from Mochikit, as follows: var data = evalJSONRequest(incoming); Now the data is a JavaScript associative array and the description field can be accessed via: data['description']; JSON is widely deployed because it is simple, easy to use, and efficient to construct or evaluate. It does support all the common basic types such as numbers, Booleans, arrays, strings, or the null object. More complex objects are translated into associative arrays, where object attribute names serve as keys to access their associated value. The photoblog application will mainly use the JSON format in its operations. Chapter 8 [ 177 ] When your CherryPy application relies heavily on JSON, it may be interesting to write a tool to automatically perform the JSON serialization and deserialization. import cherrypy import simplejson def dejsonify(encoding='utf-8'): if cherrypy.request.method in ['POST', 'PUT']: if 'content-type' in cherrypy.request.headers: if cherrypy.request.headers['content-type'] == 'application/json': body_as_dict = simplejson.loads( cherrypy.request.body.read()) for key in body_as_dict: cherrypy.request.params[key.encode(encoding)] = body_as_dict[key] def jsonify(): if isinstance(cherrypy.response.body, dict): cherrypy.response.headers['Content-Type'] = 'application/json' cherrypy.response.body = simplejson.dumps( cherrypy.response.body) cherrypy.tools.dejsonifier = cherrypy.Tool('before_handler', dejsonify) cherrypy.tools.jsonifier = cherrypy.Tool('before_finalize', jsonify) class Root: def index(self): return {'message': 'Hello'} index.exposed = True def process(self, name): # do something here return "Processed %s" % name process.exposed = True if __name__ == '__main__': conf = {'/': {'tools.dejsonifier.on': True, 'tools.jsonifier.on': True}} cherrypy.quickstart(Root(), config=conf) Ajax [ 178 ] We create two tools using the simple JSON module to perform the conversion. The first one deserializes the request body from JSON only on POST and PUT requests that have the application/json content-type set. The tool loads the request body and transforms it into a dictionary, which is thereafter injected in the params attribute of the cherrypy.request object allowing CherryPy page handlers to expect keys of the JSON dictionary as regular parameters, as you can see in the process page handler. Note that we must encode those keys into Python strings from Unicode because CherryPy page handlers expect strings. The second tool takes the dictionary returned by a page handler and serializes it into JSON. Applying Ajax to our Application Our photoblog application will use Ajax fairly extensively, and to explain this we will review how to handle the albums of the photoblog. Defining the Required Namespaces Our first step will be to define the JavaScript namespaces that will allow us to reuse common function names in different contexts while avoiding name collision. Using the term namespace is slightly unexpected because JavaScript does not have that notion per se, but it is possible to emulate this feature in a number of ways. In the case of this application, we will be using JavaScript inheritance that is simple enough to implement our requirement. The two namespaces that the photoblog application will use are: ui and services. The ui namespace will cover the different interactions with the end user, while the services namespace will take care of exchanging data with the server. The ui namespace classes and functions will therefore call the services ones to perform operations requested by the end user. To implement these two namespaces, we will simply define two empty JavaScript functions as follows: function service() { }; function ui() { }; Chapter 8 [ 179 ] Implementing Namespaces We now have our functions and we can add attributes to them. Here we have the album class declaration that will handle all aspects of the album entity from a client- side point of view: function albums() { this.visibility = false; this.current = null; this.position = 0; this.step = 3; }; ui.prototype.albums = new albums(); var ui = new ui(); Here, we first create a regular JavaScript function that is used as the constructor of an album class. We also declare a few attributes attached to that object via the JavaScript keyword this. Then we add an albums instance as an attribute of the ui function object prototype and we finally create the unique instance of the ui class that we will use throughout the life of the application within the session of the user. From now on we can use the albums instance to call its edit method: ui.albums.edit(...) We then define similarly the album class within the services namespace. function album() { }; service.prototype.albums = new album(); var services = new service(); Adding Methods to the Classes The first method that we will add to our classes will be the one that toggles the visibility state of our albums container. This container will display information about existing albums and will fade in or fade out when the user clicks on the associated link. Let's see how to add methods: albums.prototype.toggle = function(event) { toggle($('content-pane'), 'blind'); Ajax [ 180 ] if(this.visibility == false) { this.visibility = true; this.forward(e); } Else { this.visibility = false; replaceChildNodes(albumsPane); } toggle($('albums-pane'), 'blind'); }; This method first toggles the visibility of the content panel that contains the current photograph. Then if the toggle means to open the albums panel, we set its visibility to true and we call the forward method. Otherwise, we set the visibility to false and we delete any elements attached to that container so that they don't waste memory. Finally, we request Mochikit to change the visibility state of the albums panel. We then connect that method to the onclick signal of the associated link as follows: connect($('albums'), 'onclick', ui.albums, 'toggle'); The forward method is defined as follows: albums.prototype.forward = function(event) { var start = this.position; var end = start + this.step; services.albums.fetch_range(start, end, this); this.position = end; }; The method first defines the range of albums we will need to fetch from the server. Then we call the fetch_range() method of the services.albums object, and we finally set the new starting position for the next call to that method. Let's now review the services.albums object itself: album.prototype.fetch_range = function(start, end, src) { var xmlHttpReq = getXMLHttpRequest(); xmlHttpReq.open("GET", albumsBaseUri.concat(start, "-", end), true); xmlHttpReq.setRequestHeader('Accept', 'application/json'); var d = sendXMLHttpRequest(xmlHttpReq); Chapter 8 [ 181 ] d.addCallback(function (data) { var data = evalJSONRequest(data); src.populate(data); }); }; You may notice that this method takes an extra parameter named src, which is the calling object so that our callbacks can apply methods on that object when receiving a response from the server. The requested URI albumsBaseUri.concat(start, "-", end). albumsBaseUri, is a global string variable containing the base URI for performing requests against collections of albums. We specify that we would prefer the server to send us back a JSON content, as this is what we will be using to populate the retrieved albums. The request issued would look like this: http://localhost:8080/services/rest/albums/0-3 GET /services/rest/albums/0-3 HTTP/1.1 Host: localhost:8080 Accept: application/json Connection: close And its response would be: HTTP/1.x 200 OK Connection: close Date: Tue, 19 Sep 2006 20:29:07 GMT Content-Length: 763 Content-Type: application/json Allow: GET, HEAD Server: CherryPy/3.0.0beta The returned content would be then evaluated by the MochiKit function evalJSONRequest() to return an instance of JavaScript objects; in this case an array of associative arrays. Once we have received and evaluated the content, we call the populate() method of the ui.album class to display the retrieved albums. This method is defined as follows: albums.prototype.populate = function(albums) { // get the albums container var albumsPane = $('albums-pane'); Ajax [ 182 ] // we remove any already displayed albums form the DOM tree replaceChildNodes($('albums-pane')); // define a set of links that we will use to move through the // set of albums var previous = SPAN({'id': 'previous-albums', 'class': 'infos-action'}, 'Previous'); connect(previous, 'onclick', this, 'rewind'); var next = SPAN({'id': 'next-albums', 'class': 'infos-action'}, 'Next'); connect(next, 'onclick', this, 'forward'); // we also add a link that when triggered will display the // form to create a new Album var create = SPAN({'class': 'infos-action'}, 'Create'); connect(create, 'onclick',this, 'blank'); // in case no albums were retrieved we simply display a default // message if(albums.length == 0) { appendChildNodes(albumsPane, SPAN({'id': 'info-msg', 'class': 'info-msg'}, 'No more album to view.')); appendChildNodes(albumsPane, previous); return; } // now we traverse the array of retrieved albums to construct // a tree structure of each that we will then insert into the // main DOM tree for(var album in albums) { album = albums[album]; var albumInfoBlock = DIV({'class': 'albums-infos-pane', 'id': 'album-' + album['id']}, LABEL({'class': 'infos-label'}, 'Title:'), SPAN({'class': 'infos-content'}, album['title']), BR(), LABEL({'class': 'infos-label'}, 'Created on:'), SPAN({'class': 'infos-content'}, album['created']), BR(), LABEL({'class': 'infos-label'}, 'Updated on:'), SPAN({'class': 'infos-content'}, album['modified']), BR(), LABEL({'class': 'infos-label'}, 'Description:'), SPAN({'class': 'infos-content'}, album['description']), BR()); Chapter 8 [ 183 ] // we provide a link Edit and Delete to each album displayed var editAlbumElement = SPAN({'class': 'infos-action'}, 'Edit'); connect(editAlbumElement, 'onclick', this, 'fetch_for_edit'); var deleteAlbumElement = SPAN({'class': 'infos-action'}, 'Delete'); connect(deleteAlbumElement, 'onclick', this, 'ditch'); appendChildNodes(albumInfoBlock, editAlbumElement); appendChildNodes(albumInfoBlock, deleteAlbumElement); // we finally connect the onclick signal of the block // carrying the album information. When a user clicks // it will toggle the albums panel visibility and // display the selected album. connect(albumInfoBlock, 'onclick', this, 'select'); appendChildNodes(albumsPane, albumInfoBlock); } // we eventually insert all those new elements into the // main DOM tree to be displayed. appendChildNodes(albumsPane, previous); appendChildNodes(albumsPane, next); appendChildNodes(albumsPane, create); }; Method to Create a New Album Now that we can display albums, we will review how to create a new album. To do so, we first need a form to gather the user input. Let's explain the ui.albums.blank() method that is in charge of displaying the form by dynamically inserting it into the DOM tree. albums.prototype.blank = function(e) { // those two elements will be links to either submit the form // or canceling the process by closing the form var submitLink = SPAN({'id': 'form-submit', 'class': 'form-link'}, 'Submit'); var cancelLink = SPAN({'id': 'form-cancel', 'class': 'form-link'}, 'Cancel'); // we will insert error messages when specific fields are // not filled Ajax [ 184 ] var successMessage = SPAN({'id': 'form-success', 'class': 'form-success'}, 'Album created'); var errorMessage = SPAN({'id': 'form-error', 'class': 'form-error'}, 'An unexpected error occured'); var titleErrMsg = SPAN({'id': 'form-title-error', 'class': 'form-error'}, 'You must provide a title'); var authorErrMsg = SPAN({'id': 'form-author-error', 'class': 'form-error'}, 'You must specify the author name'); var descErrMsg = SPAN({'id': 'form-desc-error', 'class': 'form-error'}, 'You must provide a description'); // the main form var albumForm = DIV({'id': 'pageoverlay'}, DIV({'id': 'outerbox'}, DIV({'id': 'formoverlay'}, SPAN({'class': 'form-caption'}, 'Create a new album'), BR(),BR(), FORM({'id': 'create-album', 'name':"albumForm"}, titleErrMsg, LABEL({'class': 'form-label'}, 'Title:'), INPUT({'class': 'form-input', 'name': 'title', 'id': 'album-title', 'value': ''}), BR(), LABEL({'class': 'form-label'}, 'Segment:'), INPUT({'class': 'form-input', 'name': 'segment', 'id': 'album-segment', 'value': ''}), BR(), authorErrMsg, LABEL({'class': 'form-label'}, 'Author:'), INPUT({'class': 'form-input', 'name': 'author', 'id': 'album-author', 'value': ''}), BR(), descErrMsg, LABEL({'class': 'form-label'}, 'Description:'), TEXTAREA({'class': 'form-textarea', 'name': 'description', 'id': 'album-desc', 'rows': '2', 'value': ''}), BR(), LABEL({'class': 'form-label'}, 'Content:'), TEXTAREA({'class': 'form-textarea', 'name': 'content', 'id': 'album-content', 'rows': '7', 'value': ''}), BR()), successMessage, errorMessage, DIV({'id': 'form-links'}, submitLink, cancelLink)))); hideElement(titleErrMsg); hideElement(authorErrMsg); hideElement(descErrMsg); hideElement(errorMessage); hideElement(successMessage); Chapter 8 [ 185 ] connect(submitLink, 'onclick', this, 'create'); connect(cancelLink, 'onclick', closeOverlayBox); appendChildNodes($('photoblog'), albumForm); }; The creation of the form block requires further explanation. In order to provide a fancier panel carrying the form, we use the technique deployed in scripts such as Lightbox or Thickbox. Both rely on the overlay capabilities of CSS applied to the DOM to display elements on top of others. Overlays allow displaying elements not in a sequential fashion but as a pile. This feature associated with a sensible use of HTML blocks as DIVs and appropriate colors can provide an attractive way to display the content, as the following screenshot demonstrates: Ajax [ 186 ] If you do not fill the required fields and submit the form, you will end up with a screen as displayed in the following screenshot: Chapter 8 [ 187 ] If you fill the required fields and submit the form, you would get a screen as shown: In order to avoid the situation where the user tries to re-submit the form, we remove the Submit link and the user can now safely close this screen. The HTTP exchange will look like this: POST /services/rest/album/ HTTP/1.1 Host: localhost:8080 Accept: application/json Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Content-Type: application/x-www-form-urlencoded Content-Length: 167 Pragma: no-cache blog_id=1&title=My%20holiday%20on%20Mars&author=Sylvain&description= My%20holiday%20on%20Mars.&content=Mars%20is%20nice%20but%20a%20little %20quiet. HTTP/1.x 201 Created Ajax [ 188 ] Connection: close Content-Length: 289 Server: CherryPy/3.0.0beta Location: http://localhost:8080/album/19 Allow: DELETE, GET, HEAD, POST, PUT Date: Wed, 20 Sep 2006 19:59:59 GMT Note that the response gives us the URI to directly access the newly created album. The method to handle the previous HTTP exchange is services.album.create(), as follows: album.prototype.create = function(data, src) { var qs = queryString(data); var xmlHttpReq = getXMLHttpRequest(); xmlHttpReq.open("POST", albumBaseUri, true); xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xmlHttpReq.setRequestHeader('Accept', 'application/json'); var d = sendXMLHttpRequest(xmlHttpReq, qs); d.addCallback(function (data) { src.showSuccessMessage(); }); d.addErrback(function (data) { src.showErrorMessage(); }); }; The data parameter is a JavaScript associative array of the form fields. The src parameter is the ui.albums instance, which is extended with the following methods: albums.prototype.create = function(event) { if(this.validate()) { // blogId is a global variable containing the current photoblog // identifier var data = {'blog_id': blogId, 'title': $('album-title').value, 'author': album-author').value, 'description': $('album-desc').value, 'content': $('album-content').value}; Chapter 8 [ 189 ] services.albums.create(data, this); } }; albums.prototype.validate = function() { var ready = true; hideElement($('form-title-error')); hideElement($('form-author-error')); hideElement($('form-desc-error')); if($('album-title').value == '') { appear($('form-title-error')); ready = false; } if($('album-author').value == '') { appear($('form-author-error')); ready = false; } if($('album-desc').value == '') { appear($('form-desc-error')); ready = false; } return ready; }; albums.prototype.showSuccessMessage = function() { hideElement($('form-title-error')); hideElement($('form-author-error')); hideElement($('form-desc-error')); appear($('form-success')); fade($('form-submit')); }; albums.prototype.showErrorMessage = function() { hideElement($('form-title-error')); hideElement($('form-author-error')); Ajax [ 190 ] hideElement($('form-desc-error')); appear($('form-error')); }; Method to Update an Existing Album This follows the same principles as we have seen in the previous section, except that we provide an album object to fill the form automatically with its values. Method to Delete an Existing Album Finally, we need a method to delete an album: // method part of the ui namespace albums.prototype.ditch = function(event) { // stop the propagation of the click event so that // the select method is not applied event.stop(); // shows a modal dialogbox asking the confirmation of the deletion var doit = confirm("Are you sure you want to delete this album?"); if(doit) { // we retrieve the id of the album to delete from // the block carrying the album

...

var currentAlbumId = (e.src().parentNode.id).substr(6); services.albums.remove(currentAlbumId); switchOff(e.src().parentNode); } }; // method part of the services namespace album.prototype.remove = function(id) { if(id != null) { var xmlHttpReq = getXMLHttpRequest(); xmlHttpReq.open("DELETE", albumBaseUri + id, true); var d = sendXMLHttpRequest(xmlHttpReq); } }; Chapter 8 [ 191 ] The HTTP exchange would look like this: DELETE /services/rest/album/19 HTTP/1.1 Host: localhost:8080 Connection: close Content-Length: 0 HTTP/1.x 200 OK Connection: close Date: Wed, 20 Sep 2006 20:39:49 GMT Content-Length: 0 Allow: DELETE, GET, HEAD, POST, PUT Server: CherryPy/3.0.0beta We have explained the basic methods to manipulate albums of the photoblog application. The same principles will be applied for the other entities of the application: film and photo. Summary This chapter has introduced you to Ajax and more generally to the basics of client-side programming using JavaScript. The possibilities are almost endless and the near future should see extremely interesting and powerful web applications that will slowly take the place of their rich-client counterparts. Testing Until now, we have reviewed the different steps involved in building the photoblog application but we have not tested our design and implementation. This chapter will introduce some testing techniques such as unit, functional, and load testing using open-source products such as unittest, CherryPy webtest, FunkLoad, and Selenium. By the end of this chapter, you should have a good understanding of how to use these tools in their context and improve the test suite for your applications. Why Testing Why testing, some might wonder? Does it bring any value to the application? You may believe that if a problem is found in your code, it will be reported and eventually be fixed. Therefore, you may argue that testing is fairly irrelevant and is time consuming. If you do believe this, then with the help of this chapter we will try to show you that testing is not just the cherry on the cake but actually it is part of the recipe for success. Testing is a process during which the application is audited from different perspectives in order to: Find bugs Find differences between the expected and real result, output, states, etc. Understand how complete the implementation is Exercise the application in realistic situations before its release The goal of testing is not to put the developer at fault but to provide tools to estimate the health of the application at a given time. Testing measures the quality of an application. • • • • Testing [ 194 ] Testing is, therefore, not just a part of the application life cycle but is actually the true barometer of where the application stands in that cycle. Lines of code are meaningless; but test summary and test reports are the reference points that the different members of a project can relate to for understanding what has been achieved, what still needs to be achieved, and how to plan it. Planning a Test From the previous section we can say that since testing is so critical to a project, everything should be tested and reviewed. This is true, but it does not mean the same amount of resources and efforts should be allocated to every part of the system under test. First of all, it depends on the position of the project in its life cycle. For instance, there is little need for performance testing right at the beginning of the project. There might not be a need for capacity testing, if the application does not require lots of hardware or network resources. That being said some tests will be carried all along the life cycle of the project. They will be built up by successive iterations bringing more strength to the test each time. To summarize, testing needs to be planned in advance in order to define: Goals: What is it relevant to test and for what purpose? Scope: What is in the scope of the test? What is not? Requirements: What will the test involve in terms of resources (human, software, hardware, etc.)? Risks: What are the risks related to that test if it does not pass? What will be the mitigation and action taken? Will it stop the project? What is the impact? These are just a few points to be kept in mind while planning a test. Another important point is that testing does not end once the application is released. It can also be carried on later so that the production release meets the defined requirements. In any case, since testing draws together so many different aspects it should be seen as a long, continuous process. • • • • Chapter 9 [ 195 ] Common Testing Approach Testing is a generic term for a range of aspects to be validated on a system or application. Here is a brief list of the common ones: Unit testing: Usually carried by the developers themselves. Unit tests aim at checking whether a unit of code works as expected. Usability testing: Developers may usually forget that they are writing an application for end users who do not have knowledge of the system and might end up making it unusable. Functional and usability tests provide a way to make sure that applications will fulfill user expectations. Functional/Acceptance testing: While usability testing checks whether the application or system is usable, functional testing ensures that every specified functionality is implemented. Load and performance testing: Once an application or system has reached a certain level of completeness, it may require load and performance tests to be conducted in order to understand whether the system can cope with its expected peak load and to find potential bottlenecks. This can lead to changing hardware, optimizing SQL queries, etc. Regression testing: Regression testing verifies that successive releases of a product do not break any of the previously working functionalities. Unit testing can be considered as a part of regression testing in some ways. Reliability and resilience testing: Some applications or systems cannot afford to break at any time. Reliability and resilience tests can validate how the system application copes with the breakdown of one or several components. The previous list is far from being exhaustive and each system or application environment may require specific types of testing to be defined. Unit Testing Our photoblog application will extensively use unit tests in order to constantly check the following: New functionalities work correctly and as expected. Existing functionalities are not broken by new code release. Defects are fixed and remain fixed. Python comes in with a standard unittest module and also provides a doctest module offering a different approach to unit testing as we will explain later on. • • • • • • • • • Testing [ 196 ] unittest unittest is rooted in JUnit, a Java unit test package developed by Kent Beck and Erich Gamma, which in turn came from a Smalltalk testing framework developed by Kent Beck. Let's now review a basic example of this module. Unit tests can often work on mock objects that are so called because they support the same interface as the domain objects of the applications but do not actually perform any work. They simply return defined data. Mock objects therefore allow testing against an interface of our design without having to rely on the overall application to be deployed for instance. They also provide a way to run tests in isolation mode from other tests. First let's define a dummy class as follows: class Dummy: def __init__(self, start=0, left_boundary=-10, right_boundary=10, allow_positive=True, allow_negative=False): self.current = start self.left_boundary = left_boundary self.right_boundary = right_boundary self.allow_positive = allow_positive self.allow_negative = allow_negative def forward(self): next = self.current + 1 if (next > 0) and (not self.allow_positive): raise ValueError, "Positive values are not allowed" if next > self.right_boundary: raise ValueError, "Right boundary reached" self.current = next return self.current def backward(self): prev = self.current - 1 if (prev < 0) and (not self.allow_negative): raise ValueError, "Negative values are not allowed" if prev < self.left_boundary: raise ValueError, "Left boundary reached" self.current = prev return self.current def __str__(self): return str(self.current) def __repr__(self): return "Dummy object at %s" % hex(id(self)) Chapter 9 [ 197 ] This class provides an interface to get the next or previous value within a range defined by the left and right boundaries. We could imagine it as a mock object of a more complex class but providing dummy data. A simple usage of this class is as follows: >>> from dummy import Dummy >>> dummy = Dummy() >>> dummy.forward() 1 >>> dummy.forward() 2 >>> dummy.backward() 1 >>> dummy.backward() 0 >>> dummy.backward() Traceback (most recent call last): File "", line 1, in ? File "dummy.py", line 27, in backward raise ValueError, "Negative values are not allowed" ValueError: Negative values are not allowed Let's imagine we wish to unit test this exciting module to make sure that the code is correct. import unittest class DummyTest(unittest.TestCase): def test_01_forward(self): dummy = Dummy(right_boundary=3) self.assertEqual(dummy.forward(), 1) self.assertEqual(dummy.forward(), 2) self.assertEqual(dummy.forward(), 3) self.assertRaises(ValueError, dummy.forward) def test_02_backward(self): dummy = Dummy(left_boundary=-3, allow_negative=True) self.assertEqual(dummy.backward(), -1) self.assertEqual(dummy.backward(), -2) self.assertEqual(dummy.backward(), -3) self.assertRaises(ValueError, dummy.backward) def test_03_boundaries(self): dummy = Dummy(right_boundary=3, left_boundary=-3, allow_negative=True) Testing [ 198 ] self.assertEqual(dummy.backward(), -1) self.assertEqual(dummy.backward(), -2) self.assertEqual(dummy.forward(), -1) self.assertEqual(dummy.backward(), -2) self.assertEqual(dummy.backward(), -3) self.assertRaises(ValueError, dummy.backward) self.assertEqual(dummy.forward(), -2) self.assertEqual(dummy.forward(), -1) self.assertEqual(dummy.forward(), 0) self.assertEqual(dummy.backward(), -1) self.assertEqual(dummy.forward(), 0) self.assertEqual(dummy.forward(), 1) self.assertEqual(dummy.forward(), 2) Let's explain this code step by step: 1. To provide unit test capabilities using the unittest standard module you only need to import that specific module. 2. Create a class that subclasses unittest.TestCase, which is the interface providing unit test functionalities to our code. This class is referred to as a test case. 3. Create methods starting with the word test. Each method starting with it will be called by the unittest internal handler. Notice that the methods this class defines also use a two-digit pattern. This is not required by unittest but it allows us to force methods to be called in the order we wish. Indeed unittest calls methods by alpha-numeric order, which can sometimes lead to unexpected results. Providing digits like this is a good way to work around that limitation. 4. Call the different assert/fail methods provided by the TestCase class to perform checking of values, exceptions, outputs, etc. The next step is to run this test case as follows: if __name__ == '__main__': unittest.main() This assumes that the call to main() is done from within the same module containing the TestCase class. The result of this test looks like the following: ... ---------------------------------------------------------------------- Ran 3 tests in 0.000s OK Chapter 9 [ 199 ] It is common to make the output a little more verbose as follows: if __name__ == '__main__': unittest.main(testRunner=unittest.TextTestRunner(verbosity=2)) This will produce the following output: test_01_forward (__main__.DummyTest) ... ok test_02_backward (__main__.DummyTest) ... ok test_03_boundaries (__main__.DummyTest) ... ok ---------------------------------------------------------------------- Ran 3 tests in 0.000s OK Now let's provoke an error so that one of the tests fails. In test_01_forward replace the first assertEqual with the following: self.assertEqual(dummy.forward(), 0) Then while running the test again you should get the following output: test_01_forward (__main__.DummyTest) ... FAIL test_02_backward (__main__.DummyTest) ... ok test_03_boundaries (__main__.DummyTest) ... ok ====================================================================== FAIL: test_01_forward (__main__.DummyTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "dummy.py", line 54, in test_01_forward self.assertEqual(dummy.forward(), 0) AssertionError: 1 != 0 ---------------------------------------------------------------------- Ran 3 tests in 0.001s FAILED (failures=1) As you can see, the unittest module does not stop processing any remaining test cases when one fails. Instead, it displays the traceback of the raised assertion error. Here the test is wrong but in the case where your assertion is a valid one, it would point to a failure of your application. Let's assume that we write a test that tries to go forward when the right boundary is less than the starting point. We assume that the documentation of the method tells us that it should raise an exception expressing the fact that the class has rejected this case. Testing [ 200 ] Let's create test_00_construct accordingly: def test_00_construct(self): self.assertRaises(ValueError, Dummy, start=34) Let's run the test now: test_00_construct (__main__.DummyTest) ... FAIL test_01_forward (__main__.DummyTest) ... ok test_02_backward (__main__.DummyTest) ... ok test_03_boundaries (__main__.DummyTest) ... ok ====================================================================== FAIL: test_00_construct (__main__.DummyTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "dummy.py", line 50, in test_00_construct self.assertRaises(ValueError, Dummy, start=34) AssertionError: ValueError not raised ---------------------------------------------------------------------- Ran 4 tests in 0.003s FAILED (failures=1) As you can see the test case does fail on the new test we have included. The reason is that the Dummy.__init__() method does not contain any error handling for this case unlike what the documentation told us. Let's fix this by adding the following code at the bottom of the __init__ method: if (start > right_boundary) or (start < left_boundary): raise ValueError, "Start point must belong to the boundaries" Let's now re-run the test: test_00_construct (__main__.DummyTest) ... ok test_01_forward (__main__.DummyTest) ... ok test_02_backward (__main__.DummyTest) ... ok test_03_boundaries (__main__.DummyTest) ... ok ---------------------------------------------------------------------- Ran 4 tests in 0.000s OK Chapter 9 [ 201 ] The previous example shows that it is sometimes desirable to write the test before implementing the functionality itself in order to avoid designing the test to match the code behavior. This is often called test-driven development. Another way to achieve this is to provide the API of the application or library to a third party, who will write the test case based on that API in a neutral fashion. Either way the previous example demonstrates that unit testing is only relevant when the tests are coherent with the design and are there to test the implementation. Now that we have introduced the unittest module let's present the doctest one. doctest The doctest module supports running Python code inlined within an object docstring. The advantage of this technique is that test cases are close to the code they test. The inconvenience is that some complex tests can be difficult to achieve this way. Let's see an example on the class we have defined earlier. class Dummy: def __init__(self, start=0, left_boundary=-10, right_boundary=10, allow_positive=True, allow_negative=False): """ >>> dummy = Dummy(start=27) Traceback (most recent call last): ... raise ValueError, "Start point must belong to the boundaries" ValueError: Start point must belong to the boundaries >>> dummy = Dummy() >>> dummy.backward() Traceback (most recent call last): ... raise ValueError, "Negative values are not allowed" ValueError: Negative values are not allowed """ self.current = start self.left_boundary = left_boundary self.right_boundary = right_boundary self.allow_positive = allow_positive self.allow_negative = allow_negative if (start > right_boundary) or (start < left_boundary): raise ValueError, "Start point must belong to the boundaries" Testing [ 202 ] def forward(self): """ >>> dummy = Dummy(right_boundary=3) >>> dummy.forward() 1 >>> dummy.forward() 2 >>> dummy.forward() 3 >>> dummy.forward() Traceback (most recent call last): ... raise ValueError, "Right boundary reached" ValueError: Right boundary reached """ next = self.current + 1 if (next > 0) and (not self.allow_positive): raise ValueError, "Positive values are not allowed" if next > self.right_boundary: raise ValueError, "Right boundary reached" self.current = next return self.current def backward(self): """ >>> dummy = Dummy(left_boundary=-3, allow_negative=True) >>> dummy.forward() 1 >>> dummy.backward() 0 >>> dummy.backward() -1 >>> dummy.backward() -2 >>> dummy.backward() -3 >>> dummy.backward() Traceback (most recent call last): ... raise ValueError, "Left boundary reached" ValueError: Left boundary reached """ prev = self.current - 1 Chapter 9 [ 203 ] if (prev < 0) and (not self.allow_negative): raise ValueError, "Negative values are not allowed" if prev < self.left_boundary: raise ValueError, "Left boundary reached" self.current = prev return self.current def __str__(self): return str(self.current) def __repr__(self): return "Dummy object at %s" % hex(id(self)) As you can see, each method you wish to test must have a docstring containing use cases that will be run as-is by the doctest module. Then you can run the test as follows: if __name__ == '__main__': doctest.testmod() sylvain@6[test]$ python dummy.py -v Trying: dummy = Dummy(start=27) Expecting: Traceback (most recent call last): ... raise ValueError, "Start point must belong to the boundaries" ValueError: Start point must belong to the boundaries ok Trying: dummy = Dummy() Expecting nothing ok Trying: dummy.backward() Expecting: Traceback (most recent call last): ... raise ValueError, "Negative values are not allowed" ValueError: Negative values are not allowed ok Trying: dummy = Dummy(left_boundary=-3, allow_negative=True) Testing [ 204 ] Expecting nothing ok Trying: dummy.forward() Expecting: 1 ok We do not reproduce the complete result trace as it is too long for the purpose of the chapter. You may consider that mixing code and documentation will reduce the efficiency of both, making the documentation harder to read. This concern is actually raised by the doctest module documentation itself, which sensibly advises handling docstring examples with care. Indeed, since the code belongs to the docstring, it will be displayed while viewing it. >>> from dummy import Dummy >>> help(Dummy.forward) Help on method forward in module dummy: forward(self) unbound dummy.Dummy method >>> dummy = Dummy(right_boundary=3) >>> dummy.forward() 1 >>> dummy.forward() 2 >>> dummy.forward() 3 >>> dummy.forward() Traceback (most recent call last): ... raise ValueError, "Right boundary reached" ValueError: Right boundary reached In such cases the tests can either be part of the documentation itself or be too complex making the documentation unusable. In a nutshell both the unittest and doctest modules deserve to be reviewed for your requirements and it is common to find both being used in a single project to provide a strong unit-test suite. In any case, we recommend you to read the documentation of both the modules, which will demonstrate that there is much more than the brief introduction given in this chapter. In addition a very informative mailing-list is available at http://lists.idyll.org/listinfo/testing-in-python. Chapter 9 [ 205 ] Unit Testing Web Applications In the previous section, we have presented two standard modules to perform unit testing in Python applications and packages. Unfortunately as they stand they lack some common features to help in specific contexts such as web applications. The Python community has obviously come up with solutions and there are several good extensions to unittest or completely distinct test packages to help us. We will use an extension to unittest, provided by CherryPy, called webtest and developed by Robert Brewer. This module provides a transparent integration with CherryPy and also provides a command-line helper to test different configurations of servers. It allows a test to be stopped when a failure occurs, offers access to the HTTP stack when an error is raised, also supports code coverage and profiling, etc. In a nutshell this module starts a CherryPy server automatically, which each test case uses to mount CherryPy applications as needed for the test run and to perform HTTP requests on that server. This section will now show all the different test cases of our photoblog application but you will find them within the source code of the application. Based on what we have explained in the previous section we design our test cases as follows: class TestServicesREST(PhotoblogTest): def test_00_REST(self): self.getPage("/services/rest/") self.assertStatus(404) self.getPage("/services/rest/album/", method="XYU") self.assertStatus(405) def test_02_REST_GET(self): # missing the ID self.getPage("/services/rest/album/") self.assertStatus(400) # missing the Accept header self.getPage("/services/rest/album/2") self.assertStatus(406) # wrong ID type self.getPage("/services/rest/album/st", headers=[("Accept", "application/json")]) self.assertStatus(404) Testing [ 206 ] self.getPage("/services/rest/album/2", headers=[("Accept", "application/json")]) self.assertStatus(200) self.assertHeader('Content-Type', 'application/json') self.assertHeader('Allow', 'DELETE, GET, HEAD, POST, PUT') self.getPage("/services/rest/album?album_id=2", headers=[("Accept", "application/json")]) self.assertStatus(200) self.assertHeader('Content-Type', 'application/json') self.assertHeader('Allow', 'DELETE, GET, HEAD, POST, PUT') def test_03_REST_POST(self): blog = self.photoblog params = {'title': 'Test2', 'author': 'Test demo', 'description': 'blah blah', 'content': 'more blah blah bluh', 'blog_id': str(blog.ID)} # let's transform the param dictionary # into a valid query string query_string = urllib.urlencode(params) self.getPage("/services/rest/album/", method="POST", body=query_string, headers=[("Accept", "application/json")]) self.assertStatus(201) self.assertHeader('Content-Type', 'application/json') # here we miss the Accept header self.getPage("/services/rest/album/", method="POST", body=query_string) self.assertStatus(406) def test_04_REST_PUT(self): blog = self.photoblog params = {'title': 'Test2', 'author': 'Test demo', 'description': 'blah blah', 'content': 'meh ehe eh', 'blog_id': str(blog.ID)} query_string = urllib.urlencode(params) # at this stage we don't have yet an album with that ID self.getPage("/services/rest/album/23", method="PUT", body=query_string, headers=[("Accept", "application/json")]) Chapter 9 [ 207 ] self.assertStatus(404) self.getPage("/services/rest/album/4", method="PUT", body=query_string, headers=[("Accept", "application/json")]) self.assertStatus(200) self.assertHeader('Content-Type', 'application/json') def test_06_REST_DELETE(self): self.getPage("/services/rest/album/4", method="DELETE") self.assertStatus(200) # DELETE is idempotent and should always return 200 in case # of success self.getPage("/services/rest/album/4", method="DELETE") self.assertStatus(200) def test_05_REST_Collection_GET(self): self.getPage("/services/rest/albums/3") self.assertStatus(400, 'Invalid range') self.getPage("/services/rest/albums/a") self.assertStatus(400, 'Invalid range') self.getPage("/services/rest/albums/0-") self.assertStatus(400, 'Invalid range') self.getPage("/services/rest/albums/a+3") self.assertStatus(400, 'Invalid range') self.getPage("/services/rest/albums/3-a") self.assertStatus(400, 'Invalid range') self.getPage("/services/rest/albums/0+3") self.assertStatus(400, 'Invalid range') # valid range but missing Accept header self.getPage("/services/rest/albums/0-3") self.assertStatus(406) self.getPage("/services/rest/albums/0-3", headers=[("Accept", "application/json")]) self.assertStatus(200) self.assertHeader('Content-Type', 'application/json') json = simplejson.loads(self.body) self.failUnless(isinstance(json, list)) self.failUnlessEqual(len(json), 3) Testing [ 208 ] The test case above is only an example of different tests we can conduct against our application and in reality more tests would be required to ensure that the application works as expected and to perform regression testing. As you can see, our test case performs HTTP requests and validates the content of the response as well as its headers. The simplicity of these validations is brought by the unit testing extension provided by the webtest module. Let's now see in detail how to set up that module to run the test case shown earlier. First let's create a test.py module containing the following code: import os.path import sys # Tell Python where to find our application's modules. sys.path.append(os.path.abspath('..')) # CherryPy main test module from cherrypy.test import test as cptest # load the global application settings current_dir = os.path.abspath(os.path.dirname(__file__)) conf.from_ini(os.path.join(current_dir, 'application.conf')) from models import Photoblog, Album, Film, Photo # dejavu main arena object arena = storage.arena # register our models with dejavu storage.setup() def initialize(): for cls in (Photoblog, Album, Film, Photo): arena.create_storage(cls) def shutdown(): for cls in (Photoblog, Album, Film, Photo): if arena.has_storage(cls): arena.drop_storage(cls) def run(): """ entry point to the test suite """ try: initialize() Chapter 9 [ 209 ] # modules name without the trailing .py # that this test will run. They must belong # to the same directory as test.py test_list = ['test_models', 'test_services'] cptest.CommandLineParser(test_list).run() finally: shutdown() print raw_input('hit enter to terminate the test') if __name__ == '__main__': run() Let's inspect what the test.py module can achieve: sylvain@[test]$ python test.py --help CherryPy Test Program Usage: test.py --server=* --host=127.0.0.1 --port=8080 --1.0 --cover --basedir=path --profile --validate --conquer --dumb --tests** * servers: --server=modpygw: modpygw --server=wsgi: cherrypy._cpwsgi.CPWSGIServer (default) --server=cpmodpy: cpmodpy --host=: use a host other than the default (127.0.0.1). Not yet available with mod_python servers. --port=: use a port other than the default (8080) --1.0: use HTTP/1.0 servers instead of default HTTP/1.1 --cover: turn on code-coverage tool --basedir=path: display coverage stats for some path other than --cherrypy. --profile: turn on profiling tool --validate: use wsgiref.validate (builtin in Python 2.5). --conquer: use wsgiconq (which uses pyconquer) to trace calls. --dumb: turn off the interactive output features. ** tests: --test_models --test_services Testing [ 210 ] As you can see, our test supports a handful of functionalities allowing us to run our tests in different configurations such as by using the built-in HTTP server or a mod_python handler, as we will explain in Chapter 10. Next we create a PhotoblogTest class, which will be the base class of our test cases. In a module called blogtest.py we add the following code: from cherrypy.test import helper # default blog name for the test suite blog_name = u"photoblog" from models import Photoblog class PhotoblogTest(helper.CPWebCase): def photoblog(self): blog = Photoblog.find_by_name(blog_name) if not blog: self.fail("Could not find blog '%s'" % blog_name) return blog photoblog = property(photoblog, doc="Returns a blog object to work against") The PhotoblogTest class inherits from the CherryPy CPWebCase class, which provides a list of functions to perform assertions checking against a web test. For instance, the CPWebCase class defines the following: assertStatus(status) to verify the status of the last response assertHeader(name, value=None) to verify whether a header is present as well as ensure that the value, if not None, is the one provided assertBody(value) to check the returned body is the one we expected assertInBody(value) to verify the returned content contained a given value This class also comes with the getPage(uri, method, headers, body) method to issue an HTTP request. Our PhotoblogTest class defines the photoblog property so that tests can easily get a reference to the blog we create by default throughout the life of the test. The blogtest.py module also contains the following functions used to set up the server for the life cycle of a test: from lib import storage import services from models import Album, Film, Photo def populate_storage(): • • • • Chapter 9 [ 211 ] photoblog = Photoblog() photoblog.create(blog_name, u'Yeah') a1 = Album() a1.create(photoblog, "Test album", "Test", "blah blah", "more blah blah") def reset_storage(): # here we simply remove every object a test has left # in the storage so that we have a clean # storage for the next test case run photoblog = Photoblog.find_by_name(blog_name) photoblog.delete() def setup_photoblog_server(): # Update the CherryPy global configuration cherrypy.config.update(os.path.join(current_dir, 'http.conf')) # fill the storage with default values for the purpose of the #test populate_storage() # Construct the published trees services_app = services.construct_app() # Mount the applications on the '/' prefix engine_conf_path = os.path.join(current_dir, 'engine.conf') service_app = cherrypy.tree.mount(services_app, '/services', config=engine_conf_path) service_app.merge(services.services_conf) def teardown_photoblog_server(): reset_storage() The setup_photoblog_server() function is responsible for setting up the photoblog application and loading the different configuration settings. These must be a part of the test directory. For instance, we could provide a different database name for the storage to be used so that we do not run the test on a production database. Finally, we define our test cases in a module named test_services.py as follows: import httplib import os.path import urllib import cherrypy import simplejson from models import Photoblog, Album, Film, Photo Testing [ 212 ] from blogtest import PhotoblogTest, blog_name, \ setup_photoblog_server, teardown_photoblog_server current_dir = os.path.abspath(os.path.dirname(__file__)) def setup_server(): setup_photoblog_server() def teardown_server(): teardown_photoblog_server() # Here we insert the TestServicesREST class definition # that we have seen at the beginning of this section Let's explain how this module is constructed: 1. We must import a bunch of modules to perform specific tasks for our tests. 2. Our test case subclasses the PhotoblogTest class that we have described earlier. 3. We need to define two functions—setup_server() and teardown_server(), which will be automatically called by the CherryPy test module each time it starts and finishes running a test module. This allows us to initialize our photoblog application for the test case. 4. Finally we add the TestServicesREST class as our test case. Let's now run the entire test suite: sylvain@[test]$ python test.py Python version used to run this test script: 2.5 CherryPy version 3.0.0 HTTP server version HTTP/1.1 Running tests: cherrypy._cpwsgi.CPWSGIServer No handlers could be found for logger "cherrypy.error" test_00_Photoblog_unit (test_models.TestModels) ... ok test_01_Photoblog_create (test_models.TestModels) ... ok test_02_Photoblog_retrieve_by_name (test_models.TestModels) ... ok test_03_Photoblog_retrieve_by_unknown_name (test_models.TestModels) ... ok test_04_Photoblog_retrieve_by_unsupported_id_type (test_models.TestModels) ... ok test_05_Photoblog_update (test_models.TestModels) ... ok test_06_Photoblog_populate (test_models.TestModels) ... ok test_10_Album_unit (test_models.TestModels) ... ok test_99_Photoblog_delete (test_models.TestModels) ... ok test_00_REST (test_services.TestServicesREST) ... ok Chapter 9 [ 213 ] test_01_REST_HEAD (test_services.TestServicesREST) ... ok test_02_REST_GET (test_services.TestServicesREST) ... ok test_03_REST_POST (test_services.TestServicesREST) ... ok test_04_REST_PUT (test_services.TestServicesREST) ... ok test_05_REST_Collection_GET (test_services.TestServicesREST) ... ok test_06_REST_DELETE (test_services.TestServicesREST) ... ok If on the other hand you wish to run only one module: sylvain@[test]$ python test.py --models Python version used to run this test script: 2.5 CherryPy version 3.0.0 HTTP server version HTTP/1.1 Running tests: cherrypy._cpwsgi.CPWSGIServer No handlers could be found for logger "cherrypy.error" test_00_Photoblog_unit (test_models.TestModels) ... ok test_01_Photoblog_create (test_models.TestModels) ... ok test_02_Photoblog_retrieve_by_name (test_models.TestModels) ... ok test_03_Photoblog_retrieve_by_unknown_name (test_models.TestModels) ... ok test_04_Photoblog_retrieve_by_unsupported_id_type (test_models. TestModels) ... ok test_05_Photoblog_update (test_models.TestModels) ... ok test_06_Photoblog_populate (test_models.TestModels) ... ok test_10_Album_unit (test_models.TestModels) ... ok test_99_Photoblog_delete (test_models.TestModels) ... ok As you can see, writing unit tests using the CherryPy test module makes the task of testing an application based on CherryPy an easy one, because CherryPy takes care of a lot of common burdens allowing the tester to focus on what really matters. Performance and Load Testing Depending on the application you are writing and your expectations in terms of volume, you may need to run load and performance testing in order to detect potential bottlenecks in the application that are preventing it from reaching a certain level of performance. This section will not detail how to conduct a performance or load test as it is out of its scope but we will review one Python solution, the FunkLoad package provided by Nuxeo, a French company specialized in free software written in Python. You can install FunkLoad via the easy_install command. FunkLoad is available at http://funkload.nuxeo.org/. Testing [ 214 ] FunkLoad is an extension to the webunit module, a Python module oriented towards unit testing web application. FunkLoad comes with a fairly extensive API and set of tools taking care of the burden of extracting metrics from a load test to eventually generate test reports with nice-looking charts. Let's see an extremely basic example of using FunkLoad. from funkload.FunkLoadTestCase import FunkLoadTestCase class LoadHomePage(FunkLoadTestCase): def test_homepage(self): server_url = self.conf_get('main', 'url') nb_time = self.conf_getInt('test_homepage', 'nb_time') home_page = "%s/" % server_url for i in range(nb_time): self.logd('Try %i' % i) self.get(home_page, description='Get gome page') if __name__ in ('main', '__main__'): import unittest unittest.main() Let's understand this example in detail: 1. Your test case must inherit from the FunkLoadTestCase class so that FunkLoad can do its internal job of tracking what happens during the test. 2. Your class name is important as FunkLoad will look for a file named after that name, in our case: LoadHomePage.conf in the test directory. 3. Your test has direct access to the configuration file and gets values as follows: conf_get(section, key) returns a string. conf_getInt(section, key) returns the value as an integer. conf_getFloat(section key) returns the value as a float. conf_getList(section, key) returns the value column separated as a list of strings. 4. You then simply call the get() or post() method to issue a request against the server and retrieve the response returned by these methods. Internally Funkload will create a set of metrics of the test and save them in an XML file that can be processed later. ° ° ° ° Chapter 9 [ 215 ] Let's analyze the LoadHomePage.conf settings: [main] title=Photoblog home page description=Access the photoblog home page url=http://localhost:8080 [test_homepage] description=Access %(nb_time)s times the following pages: %(pages)s. nb_time=3 pages=/ [ftest] log_to = console file log_path = logs/load_home_page.log result_path = logs/load_home_page.xml sleep_time_min = 0 sleep_time_max = 2 The main section contains global settings for the test, whereas the test_homepage contains specific values for the test_homepage() method of our test case. The ftest section is used by FunkLoad for internal processing. After starting an instance of the photoblog application server, we run the test: sylvain@[test]$ python test_load_home_page.py test_homepage: Starting ----------------------------------- Access 3 times the following pages: /. test_homepage: Try 0 test_homepage: GET: http://localhost:8080/ Page 1: Get gome page ... test_homepage: Done in 0.039s test_homepage: Load css and images... test_homepage: Done in 0.044s test_homepage: Try 1 test_homepage: GET: http://localhost:8080/ Page 2: Get gome page ... test_homepage: Done in 0.041s test_homepage: Load css and images... test_homepage: Done in 0.000s test_homepage: Try 2 test_homepage: GET: http://localhost:8080/ Page 3: Get gome page ... test_homepage: Done in 0.051s test_homepage: Load css and images... test_homepage: Done in 0.000s Testing [ 216 ] . ---------------------------------------------------------------------- Ran 1 test in 2.149s OK The previous test is not really a load test yet. To use it as a load or performance test, we need to use a FunkLoad tool called fl-run-bench. This command-line tool will run a benchmark using a test like the one we have just created. A benchmark will simulate virtual users to run concurrently to perform a realistic use of the server. For instance, if we want to benchmark three cycles of 5, 10, and 20 virtual users during 30 seconds, we would do the following. First add the following sections to the configuration file: [bench] cycles = 5:10:20 duration = 30 startup_delay = 0.05 sleep_time = 1 cycle_time = 1 log_to = file log_path = logs/load_home_page.log result_path = logs/load_home_page.xml sleep_time_min = 0 sleep_time_max = 0.6 Then launch the benchmark: sylvain@[test]$ fl-run-bench test_load_home_page.py \ LoadHomePage.test_homepage ======================================= Benching LoadHomePage.test_homepage ======================================= Access 3 times the following pages: /. --------------------------------------------------------------------- --- Configuration ============= * Current time: 2007-02-28T13:43:22.376339 * Configuration file: load/LoadHomePage.conf * Log xml: logs/load_home_page.xml * Server: http://localhost:8080 * Cycles: [5, 10, 20] Chapter 9 [ 217 ] * Cycle duration: 30s * Sleeptime between request: from 0.0s to 0.6s * Sleeptime between test case: 1.0s * Startup delay between thread: 0.05s Benching ======== Cycle #0 with 5 virtual users ----------------------------- * Current time: 2007-02-28T13:43:22.380481 * Starting threads: ..... done. * Logging for 30s (until 2007-02-28T13:43:52.669762): .... done. * Waiting end of threads: ..... done. * Waiting cycle sleeptime 1s: ... done. * End of cycle, 33.46s elapsed. * Cycle result: **SUCCESSFUL**, 76 success, 0 failure, 0 errors. Cycle #1 with 10 virtual users ------------------------------ * Current time: 2007-02-28T13:43:55.837831 * Starting threads: .... done. * Logging for 30s (until 2007-02-28T13:44:26.681356): .... done. * Waiting end of threads: .......... done. * Waiting cycle sleeptime 1s: ... done. * End of cycle, 34.02s elapsed. * Cycle result: **SUCCESSFUL**, 145 success, 0 failure, 0 errors. Cycle #2 with 20 virtual users ------------------------------ * Current time: 2007-02-28T13:44:29.859868 * Starting threads: ....... done. * Logging for 30s (until 2007-02-28T13:45:01.191106): * Waiting end of threads: .................... done. * Waiting cycle sleeptime 1s: ... done. * End of cycle, 35.59s elapsed. * Cycle result: **SUCCESSFUL**, 203 success, 0 failure, 0 errors. Result ====== * Success: 424 * Failures: 0 * Errors: 0 Bench status: **SUCCESSFUL** Testing [ 218 ] Now that we have run our benchmark we can create a report using the fl-build-report command-line tool as follows: sylvain@[test]$ fl-build-report --html -o reports logs/load_home_page.xml Creating html report: ...done: reports/test_homepage-2007-02-28T13-43-22/index.html This will produce an HTML page with statistics gathered from the benchmark as shown in the following figure: In addition to these modules, FunkLoad offers tools to test XML-RPC servers or record tests from a browser directly, allowing for complex tests to be developed easily. Kindly refer the FunkLoad documentation for more details about these features. Overall Funkload is quite a powerful tool and yet flexible and simple to use, providing a comprehensive load and performance-testing environment for Python web applications. Functional Testing Once your application functionalities start taking shape, you may want to conduct a set of functional testing so that you can validate your application's correctness regarding the specification. For a web application, this would mean going through the application from a browser for example. However, since the test would have to be automated it would require the use of third-party products such as Selenium (Selenium is available at http://www.openqa.org/selenium/). Chapter 9 [ 219 ] Selenium is a JavaScript-based open-source product, developed and maintained by the OpenQA team to perform functional and acceptance testing. It works directly from the browser it targets helping to ensure the portability of the client-side code of the application. Selenium comes in several packages: Core: The core package allows a tester to design and run tests directly from the browser using pure HTML and JavaScript. Remote Control: This package allows performing tests using common programming languages such as Python, Perl, Ruby, Java, or C#. Scripts written in these languages drive a browser to automate actions to be performed during the test. IDE: The Selenium IDE is available as a Firefox extension to help the creation of tests by recording actions carried out via the browser itself. The tests can then be exported to be used by the Core and Remote Control packages. Application under Test Before we explain how Selenium components work, we must introduce an application example. This application will simply provide one web page with two links. One of them will replace the current page with a new one. The second link will fetch data using Ajax. We use this example rather than our photoblog application for the sake of simplicity. The code of the application is as follows: import datetime import os.path import cherrypy import simplejson _header = """
""" _footer = """ """ class Dummy: @cherrypy.expose def index(self): return """%s %s""" % (_header, _footer) Chapter 9 [ 221 ] @cherrypy.expose def report(self): now = datetime.datetime.now().strftime("%d %b. %Y, %H:%M:%S") return """%s %s""" % (_header, now, _footer) @cherrypy.expose def fetch_report(self): now = datetime.datetime.now().strftime("%d %b. %Y, %H:%M:%S") cherrypy.response.headers['Content-Type'] = 'application/json' return simplejson.dumps({'name': 'Music report (Ajax)', 'author': 'Jon Doe', 'updated': now}) if __name__ == '__main__': current_dir = os.path.abspath(os.path.dirname(__file__)) conf = {'/test': {'tools.staticdir.on': True, 'tools.staticdir.dir': "test", 'tools.staticdir.root': current_dir}, '/MochiKit': {'tools.staticdir.on': True, 'tools.staticdir.dir': "MochiKit", 'tools.staticdir.root': current_dir}, '/selenium': {'tools.staticdir.on': True, 'tools.staticdir.dir': "selenium", 'tools.staticdir.root': current_dir}} cherrypy.quickstart(Dummy(), config=conf) We define three paths to be served as static directories. The first one carries our Selenium test suite and test cases that will be detailed later. The second one contains the MochiKit JavaScript toolkit and the last one contains the Selenium Core package. Indeed, Selenium Core must be served by the same server under which the tests are conducted. Testing [ 222 ] The application will look like the following in the browser: When clicking on the first link, the fetch_report() JavaScript function will be triggered to fetch the report data via XMLHttpRequest. The result will look like the following: When clicking on the second link, the current page will be replaced by a new page containing the report such as the following: As you can see this application is not doing anything fancy but provides us with common use cases in modern web applications. In the following sections we will therefore describe two test cases, one for each link of our application. Selenium Core Selenium tests are described via HTML tables of three columns and as many rows as needed with each row describing an action to be performed by Selenium. The three columns are as follows: Name of the Selenium action to be performed. Target to be looked for by Selenium within the document object model of the page. It can be the identifier of an element or an XPath statement leading to an element. Value. A value to compare to or to be used by the action. • • • Chapter 9 [ 223 ] Let's describe for example the following test: 1. Fetch the home page. 2. Click on the Get Report link and wait for the returned page. 3. Verify that we can find the HTML string in the new page. This would translate into (save this in test/test_html.html):

HTML Test
open	/
clickAndWait	link=Get report
verifyTextPresent		HTML

Let's describe now our second use case to test our Ajax code: 1. Fetch the home page. 2. Click on the Get Report via Ajax link. 3. Pause for a few seconds. 4. Verify that we can find the Ajax string in the new page. Testing [ 224 ] The third step is compulsory because when performing an XMLHttpRequest, Selenium does not wait for the response. In such a case, you must pause Selenium's execution so that it gives time for the response to come back and update the document object model of the page. The previous use case will translate into (save this in test/test_ajax.html):

Test Ajax
open	/
click	link=Get report via Ajax
pause	300
verifyTextPresent		Ajax

Now that we have our test cases in our test directory, we can create a test suite as follows: Chapter 9 [ 225 ]

Test Suite

Test HTML

Test Ajax

We now have everything we need to run a test. To do so, we will use the test runner provided by the Selenium Core package. In a browser open the following page: http://localhost:8080/selenium/core/TestRunner.html This will display a page like the following: Testing [ 226 ] We can now load our test suite and get the next screen by entering the following path: ../../test/testsuite.html in the TestSuite input box on the top left of the page. As you can see, the left pane lists all our test cases, the central pane displays the current selected test case, and the right pane shows Selenium's controls and results. Finally, the bottom of the page will display the result web page of each test case. Chapter 9 [ 227 ] The next step is to run these tests by clicking the All button, which will generate the following screen: Selenium TestRunner will use color codes to inform you of how test cases have performed. Green means things were fine, yellow means the step is not finished, and red shows errors during the test. Selenium IDE In the previous section we have written our test cases directly from a text editor, which can become a little tedious with long use cases. Thankfully, the OpenQA team provides an integrated development editor for Selenium available as an extension for the Mozilla Firefox browser. The advantages of this IDE are: No need to install Selenium core package on the server Ability to record actions by following the business process in the browser Ability to manually amend any generated test Step-by-step debugging of test cases Recorded test cases can be exported to HTML or any of the supported languages of the Selenium Remote Control package • • • • • Testing [ 228 ] To record a test case you first need to provide the base URL of your server, http://localhost:8080 in the following window: Since by default when you start the IDE it runs in recording mode, you can now go to the browser and follow your business process. Each step will be recorded automatically by the Selenium IDE. For instance, by clicking on Get Report, the clickAndWait step will be generated. To verify the presence of a given text, you must highlight the targeted text, right-click to open the pop-up menu, and select verifyTextPresent. Chapter 9 [ 229 ] Your IDE will then look like the following: Testing [ 230 ] Now that we have a recorded test we can run it by clicking the green triangle. As you can see, the steps to create a script are much simpler using the IDE. Moreover, thanks to its great flexibility you can either insert new steps or remove and modify existing ones if the IDE failed to record an action for instance. You can also load tests created manually into the IDE and run them from there. Finally, you can export your recorded step so that you can run it via the Test Runner or via the Selenium Remote Control package as we will see in the next section. Chapter 9 [ 231 ] Selenium Remote Control The Selenium Remote Control (RC) package offers the possibility of driving a browser using a recorded step from several programming languages. This is extremely interesting because your tests can therefore be run as regular unit tests. You need to first get the Python modules from the Selenium RC package. Once they can be found in your PYTHONPATH, you should be able to do the following: from selenium import selenium. Next step will be to export the previously recorded test to the Python language. The resulting script will look like the following: from selenium import selenium import unittest, time, re class TestHTML(unittest.TestCase): def setUp(self): self.verificationErrors = [] self.selenium = selenium("localhost", 4444, "*firefox", "http://localhost:8080") self.selenium.start() def test_TestHTML(self): # Get a reference to our selenium object sl = self.selenium sl.open("/") sl.click("link=Get report") sl.wait_for_page_to_load("5000") try: self.failUnless(sl.is_text_present("HTML")) except AssertionError, e: self.verificationErrors. append(str(e)) def tearDown(self): self.selenium.stop() self.assertEqual([], self.verificationErrors) if __name__ == "__main__": unittest.main() As you can see, this is a pure test case from the unittest standard module. Testing [ 232 ] Let's see what the script does: 1. The setUp() method, called before each test method, initializes a Selenium object indicating the host and the port of the Selenium proxy as well as which kind of browser should be used during the test. 2. The test_TestHTML() method performs the actual steps of our test case. 3. The tearDown() method, called after each test method, stops this instance of the Selenium object. Before running the test, you must start the Selenium proxy, which will handle the startup of the chosen browser as well as run the test. It will then return all the results to our test case. The Selenium RC package comes with a default proxy server written in Java, which is the one we will use in our example. However, nothing prevents anyone from writing a proxy in a different language of course. To start the server, you must go to the Selenium RC package directory and issue the following command, assuming you have a Java virtual machine 1.4.2 or above installed on your machine: sylvain@[selenium]$ java -jar server/selenium-server.jar Once the server is started, you must start your application server and then you can run the test as follows: python test_html.py . ---------------------------------------------------------------------- Ran 1 test in 6.877s OK If you look at the Selenium proxy server logs, you should see something like the following: queryString = cmd=getNewBrowserSession&1=%2Afirefox&2=http%3A%2F%2Flocalhost%3A8080 Preparing Firefox profile... Launching Firefox... 3 oct. 2006 17:35:10 org.mortbay.util.Container start INFO: Started HttpContext[/,/] Got result: OK,1159893304958 queryString = cmd=open&1=%2F&sessionId=1159893304958 Got result: OK queryString = cmd=click&1=link%3DGet+report&sessionId=1159893304958 Got result: OK queryString = cmd=waitForPageToLoad&1=5000&sessionId=1159893304958 Got result: OK Chapter 9 [ 233 ] queryString = cmd=isTextPresent&1=HTML&sessionId=1159893304958 Got result: OK,true queryString = cmd=testComplete&sessionId=1159893304958 Killing Firefox... Got result: OK This will launch a Firefox instance, run the test, and pass back the results to your test case as normal input. In this section, we have presented an open-source solution, Selenium, to perform acceptance and functional testing in order to validate the correctness of our application. Although this solution is not the only one, it has gained lots of support from the community. Its flexibility and large set of features offer the tester a large palette to build his or her tests on. Summary Throughout this chapter we have presented different aspects of testing an application. Although this is not a comprehensive list of what can be achieved, it should provide a good starting point to understand how an application can and should be tested. It is important to note that testing should not happen at the last stage of the application development's life but instead be a part of its building as soon as possible. Deployment Our final chapter will explain in the first section how to configure CherryPy-based applications, and then review different methods to deploy such an application through the use of Apache and lighttpd. Finally, we will review how to make your CherryPy-based application SSL enabled via the built-in CherryPy HTTP server, as well as by using Apache and lighttpd capabilities. Configuration While developing an application, you always need to parameterize it, so that it can be tuned as per the requirements of the hosting environment. For instance, the type of database used, PostgreSQL or MySQL, the directory in which the application resides, administrator contacts, etc. There are different levels of configuration settings required in a web application like our photoblog: Web server: Settings linked to the HTTP server Engine: Settings associated with the engine hosting the application Application: Settings our application will use CherryPy—Web and Engine Configuration System Since our application is using CherryPy, we will use the CherryPy configuration capabilities for the web server and the engine. CherryPy uses a configuration based on the syntax of the INI format defined by Microsoft. • • • Deployment [ 236 ] The format of a CherryPy configuration file is as follows: [section] key = value The main difference between the original INI format and the format used by CherryPy is the fact that values in the latter case are Python data types. For example: [global] server.socket_host = "localhost" server.socket_port = 8080 With the exception of [global], the sections of configuration files match a requested URI path segment, as illustrated in the following example: [/css/style.css] tools.staticfile.on = True tools.staticfile.file = "app.css" tools.staticfile.root = "/var/www/photoblog/design/default/css" When CherryPy tries to match the /css/style.css request, it will inspect the configuration settings for a matching section. If found, it will use the settings defined for that section. Before we explain how CherryPy differentiates between the web server and the engine settings, let's see how the configuration settings can be defined in a Python dictionary instead. The following code snippet demonstrates the same settings: {'/css/style.css': {'tools.staticfile.on': True, 'tools.staticfilE.file': "app.css" 'tools.staticfile.root': "/var/www/photoblog/design/default/css"}} Functionally, both methods will provide the same capabilities. Using a Python dictionary offers the advantage of residing within the code itself, and thus allows for more complex data types to be provided as values. Eventually, it is usually a matter of taste between the two options. Now that we have presented how to declare configuration settings, let's see how to pass them to their components. CherryPy API is quite straight forward in that respect: cherrypy.config.update (file or dictionary) is used to configure the CherryPy web server. cherrypy.tree.mount (app, config file, or dictionary) is used to provide the settings for the mounted application. • • Chapter 10 [ 237 ] The _cp_config attribute is bound to the page handlers, or to the class containing the page handlers and calls a controller defined as a dictionary (in which case, the settings are propagated by CherryPy to all the page handlers of that controller). It is used to pass the settings directly to where they will be needed. We will review an example to understand how to use that API in our context: import cherrypy class Root: @cherrypy.expose def echo(self, some): repeat = cherrypy.request.config.get('repeat', 1) return some * repeat echo._cp_config = {'repeat': 3} if __name__ == '__main__': http_conf = {'global': {'environment': 'production', 'server.socket_port': 9090, 'log.screen': True, 'log.error_file': 'error.log', 'log.access_file': 'access.log'}} cherrypy.config.update(http_conf) app0_conf = {'/echo': {'tools.response_headers.on': True, 'tools.response_headers.headers': ('Content-Type', 'text/plain')]}} cherrypy.tree.mount(Root(), script_name='/app0', config=app0_conf) app1_conf = {'/echo': {'tools.gzip.on': True, 'repeat': 2}} cherrypy.tree.mount(Root(), script_name='/app1', config=app1_conf) cherrypy.server.quickstart() cherrypy.engine.start() Let's see what we have done in our example: 1. First we declare an application with a page handler named echo. The purpose of this handler is to return the request body and repeat it as many times as defined by the configuration setting key repeat. To do so, we use the _cp_config attribute bound to the page handler. This value can also be passed from the main configuration dictionary. In that case, the value coming from the main dictionary takes precedence over the _cp_config attribute. • Deployment [ 238 ] 2. Next we declare the web server settings in a dictionary and then we call cherrypy.config.update() with that dictionary. Note that the use of the key, named global, is not compulsory when using a dictionary. CherryPy does interpret it exactly the same way; so the semantic equivalent of the previous example can be written as follows: http_conf = {'environment': 'production', 'server.socket_port': 9090, 'log.screen': True, 'log.error_file': 'error.log', 'log.access_file': 'access.log'} cherrypy.config.update(http_conf) 3. Finally we mount two applications on two distinct prefixes with two different configuration settings. It is important to notice that the key we use is the path to the page handler relatively to where the application is mounted. That is why we use /echo, and neither /app0/echo nor /app1/ echo. This also means that configuration settings do not leak across mounted applications. CherryPy makes sure that each application receives only the settings it was declared with. It is a common mistake to pass configuration settings associated with the application to the cherrypy.config.update() method. This will not propagate the settings to the mounted application. You must use the config attribute of cherrypy.tree.mount() to get the expected behavior. Photoblog Application Configuration System Configuration settings of an application will not usually be passed through the CherryPy configuration system, which is at a lower level. An application would usually define entities from their domain level, store those values in a back-end storage along with the rest of its data, and ultimately provide a front-end interface to allow the administrator or a user to modify them. The photoblog application will not go that far but will keep a fairly simple approach to providing configuration settings by using a pure INI file. We make this choice because in the photoblog application case the configuration settings will be simple, defined, and editable by the administrator of the application. We will therefore avoid the burden of developing a more complex solution than an INI file. Chapter 10 [ 239 ] However, in order to simplify access to those settings, we will define a specific class that will turn the INI sections, keys, and values into a Python object: from ConfigParser import ConfigParser class Config(object): def from_ini(self, filepath, encoding='ISO-8859-1'): config = ConfigParser() config.readfp(file(filepath, 'rb')) for section in config.sections(): section_prop = Config() section_prop.keys = [] setattr(self, section, section_prop) for option in config.options(section): section_prop.keys.append(option) value = config.get(section, option).decode(encoding) setattr(section_prop, option, value) This class will simply go through the INI file and add attributes to the instance of the Config class on the fly. For instance, imagine you have the following INI file: [app] base_url = http://localhost:8080 copyright = Creative Commons Attribution-ShareAlike2.5 License [storage] host = localhost dbname = photoblog user = test password = test type = postgres Using the above class, we can make the following modifications: import config c = config.Config() c.from_ini('application.conf') dir(c) ['__class__', '__delattr__', '__dict__', '__doc__', '__getattribute__', '__hash__', '__init__', '__module__' '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__str__', '__weakref__', 'app', 'storage'] c.app.copyright u'Creative Commons Attribution-ShareAlike2.5 License' Deployment [ 240 ] As you can see, we have now modified the INI file into a tree of attributes bound to the instance of the Config class. The photoblog application will have one global instance of that class that will therefore be accessible from everywhere in the application. In this section, we have briefly reviewed the ways to parameterize a CherryPy application using its built-in configuration system. We have also introduced a simple configuration system using an INI file format allowing application settings. This approach hence provides an easy way to mock up the passing of parameters, before moving towards a system-based database, which can be more demanding. Deployment Deploying a CherryPy-based application can be as easy as dropping the application in an environment, where all the required packages (CherryPy, Kid, simplejson, etc.) are available from the Python system path. However, in a shared web-hosted environment, it is quite likely that the CherryPy web server will reside behind a front-end server such as Apache or lighttpd, allowing the host provider to perform some filtering operations if needed, or for instance let that front end serve the static files in a more efficient fashion than CherryPy. This section will present a few solutions to run a CherryPy application behind the Apache and lighttpd web servers. Before explaining how to use CherryPy behind Apache or lighttpd, let's define a simple application that we will use throughout the example: import.cherrypy def setup_app(): class Root: @cherrypy.expose def index(self): # Will return the hostname used by CherryPy and the remote # caller IP address return "Hello there %s from IP: %s " % (cherrypy.request.base, cherrypy.request.remote.ip) cherrypy.config.update({'server.socket_port': 9091, 'environment': 'production', 'log.screen': False, 'show_tracebacks': False}) cherrypy.tree.mount(Root()) if __name__ == '__main__': setup_app() cherrypy.server.quickstart() cherrypy.engine.start() Chapter 10 [ 241 ] As discussed earlier, there are several ways of deploying CherryPy-based applications. Now, we will discuss the different approaches to deployment. Apache with mod_rewrite Module The first solution you can review when running behind the Apache web server is to use the mod_rewrite module. This module allows you to define a set of rules that the module will analyze to transform incoming HTTP requests and re-dispatch them towards the back-end server. In our example, we will make the following assumptions, which are in fact the requirements: You run Apache 2.2. You have access to the Apache configuration that can usually be found in the file named httpd.conf. You can also stop and restart the apache process. These requirements imply either that you have administrator rights on the machine or that you have a local installation of Apache to play with. You will use the VirtualHost directive that allows encapsulating directives targeting only one particular host. This allows distinct hosts to be handled by one single instance of Apache. We will also assume that you have myapp.com resolvable locally. To do so: Under Linux, add the following line to the /etc/hosts file: 127.0.0.1 myapp.com myapp www.myapp.com Your operating system should now resolve requests to the myapp.com host to your local environment. Let's now explain how we must configure Apache: 1. Load the required Apache modules, as follows: LoadModule rewrite_module modules/mod_rewrite.so Note that you may need to provide the full path to the module itself in some environments. 2. Next we declare the VirtualHost, as follows: # Create a virtual host in your apache configuration # to handle requests for the myapp.com hostname ServerName myapp.com ServerAlias www.myapp.com ������������������������������������# Where our application files reside • • • • Deployment [ 242 ] DocumentRoot /home/sylvain/photoblog # What is our directory index by default DirectoryIndex index.html # Message to return when our CherryPy server is down and # apache could not forward the request. ErrorDocument 502 "Server down" # mod_proxy magic # First enable the mod_rewrite engine RewriteEngine on # Now we simply rewrite incoming requests URI so that they # are proxied to our CherryPy web server # http://myapp.com/archives/2006/10/12/my-article # would become # http://127.0.0.1:9091/archives/2006/10/12/my-article RewriteRule ^(.*) http://127.0.0.1:9091$1 [P] # Now define the format of the logs to be used by Apache ����������������������������������������������������LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%t %a %D %I %O %s %{Content-Type}o %{Host}i \"%r\" \"%{Referer}i\"" host ���������CustomLog /home/sylvain/photoblog/access_myapp.log combined Errorlog /home/sylvain/photoblog/error_myapp.log 3. The next step is to stop and restart your Apache process so that these modifications are taken into account. 4. Then start your CherryPy application server. The mod_rewrite module documentation explains in detail how to build rewriting rules. In the previous example, we defined the most generic one by mapping the request URI path to a new hostname. When navigating to the URL http://myapp.com, you should now see the following message: Hello there http://127.0.0.1:9091 from IP: 127.0.0.1 Now that we know how to map a host to our CherryPy application via Apache, we might want to retrieve the actual hostname and remote IP address instead of the local ones. The former is needed when generating links like: link = "%s/%s" % (cherrypy.request.base, path) Chapter 10 [ 243 ] There are two options to achieve this, as they are independent from each other: 1. Use the mod_proxy module of Apache to forward the host. First you need to load the module like this (consult your documentation): LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so Add the following directive to VirtualHost: ProxyPreserveHost on Restart Apache. 2. Use the CherryPy proxy tool as follows: Add the following entry to your global configuration: 'tools.proxy.on': True Restart your CherryPy application. In both cases, you will now see the following message in your browser: Hello there http://myapp.com from IP: 127.0.0.1 The IP address stays the same because the test is being done from the same machine where the server is being hosted, on the local interface. Let's now explain how the previous recipe works. In the first case, by using the ProxyPreserveHost directive, we tell Apache to keep the HTTP header host field as it is and not to overwrite it with the local IP address. This means that CherryPy will receive the original value of the Host header. In the second case, we tell CherryPy to look for specific headers set by Apache when doing proxy with the original hostnames. The default header looked up by CherryPy is X-Forwarded-Host. Lighttpd with mod_proxy Module Lighttpd is another popular and very efficient HTTP server. The previous section can be translated to lighttpd in a similar fashion using mod_proxy. Here is an example on how you can configure lighttpd to proxy incoming requests to a CherryPy server: $HTTP["host"] == "myapp.com" { proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 8080))) } ° ° ° ° ° Deployment [ 244 ] Add this to the lighttd.conf file and restart the server. When browsing to http://myapp.com, you will see the following message: Hello there http://myapp.com from IP: 127.0.0.1 Apache with mod_python Module In the year 2000, Gregory Trubetskoy released the first version of mod_python. It is a module for Apache allowing the Python interpreter to be embedded within the Apache server providing a bridge between the Apache web server and Python applications. One of the strengths of mod_python is that unlike CGI where each request requires a Python process to be launched mod_python does not have any such requirement. Therefore, it gives the opportunity to the developer to benefit from the persistence of the Python process started by Apache when running the module (keeping a pool of database connections for instance). Before seeing how to configure Apache and mod_python, let's review what are the requirements: Apache 2.2 mod_python 3.1.x or superior We will assume that mod_python is properly installed in your environment. Now let's explain how to configure mod_python to run a CherryPy-based application: LoadModule python_module modules/mod_python.so PythonPath "sys.path + ['/home/sylvain/app']" SetHandler python-program PythonHandler cherrypy._cpmodpy::handler PythonOption cherrypy.setup my_app::setup_app PythonDebug On We will take you through the process sequentially: 1. First we load the mod_python module. 2. We define a location directive specifying what Apache should do to the request starting with "/". • • Chapter 10 [ 245 ] 3. Then we define several mod_python directives: PythonPath extends the system path and makes sure that our application modules will be found. For instance, here the my_app.py module resides in /home/sylvain/app. SetHandler indicates that all requests starting with the path provided in the location directive will be handled by mod_python. PythonHandler sets the generic handler that will be in charge of generating the output to return to the user agent. We use the built-in mod_python handler provided by CherryPy. PythonOption passes options to the generic handler. Here the option will be named cherrypy.setup and we bind it to the function setup_app that our application provides. We assume the application is saved in a Python module named my_app.py. The setup_app method must be the one mounting the application. PythonDebug is enabled. 4. Finally, we modify the application as follows: import cherrypy def setup_app(): class Root: @cherrypy.expose def index(self): return "Hello there %s from IP: %s " % \ (cherrypy.request.base,cherrypy.request.remote.ip) cherrypy.tree.mount(Root()) cherrypy.engine.start(blocking=False) The difference is that we start the CherryPy engine in a non-blocking mode so that the Python process started via mod_python does not hang. Now you can stop and restart the Apache process and navigate to the http://myapp.com URL and you should see the following content: Hello there http://myapp.com from IP: 127.0.0.1 ° ° ° ° ° Deployment [ 246 ] mod_python with WSGI Application In the previous approach, we used the built-in mod_python handler that works fine on the applications usually hosted by CherryPy. If your application respects the WSGI interface, you may want to use the ModPythonGateway handler (http://projects.amor.org/misc/wiki/ModPythonGateway) developed by Robert Brewer. First let's see the CherryPy application in the my_app.py module: import cherrypy class Root: @cherrypy.expose def index(self): return "Hello there %s from IP: %s " % (cherrypy.request.base, cherrypy.request.remote.ip) # Create an application respecting the WSGI interface wsgi_app = cherrypy.Application(Root()) # This will be call on the first request def setup_app(req): cherrypy.engine.start(blocking=False) Now, let's review how to configure Apache to use the ModPythonGateway handler: PythonPath "sys.path + ['/home/sylvain/app']" SetHandler python-program PythonHandler modpython_gateway::handler PythonOption wsgi.startup my_app::setup_app PythonOption wsgi.application my_app::wsgi_app PythonOption wsgi.cleanup cherrypy::engine.stop Thanks to the ModPythonGateway handler, you can use the richness of WSGI-based middlewares within the power of the Apache server. SSL SSL (Secure Sockets Layer) can be supported in CherryPy-based applications natively by CherryPy. To enable SSL support, you must meet the following requirements: Have the PyOpenSSL package installed in your environment Have an SSL certificate and private key on the server • • Chapter 10 [ 247 ] In the rest of this chapter, we will assume that you have installed PyOpenSSL properly. Let us explain how to generate a pair of private key and certificate. To achieve this, we will use OpenSSL, a common open-source implementation of the SSL specification. Creating a Certificate and a Private Key Let's deal with the certificate and the private key: 1. First we need a private key: openssl genrsa -out server.key 2048 2. This key is not protected by a passphrase and therefore has a fairly weak protection. If you prefer providing a passphrase, you should issue a command like this: openssl genrsa -des3 -out server.key 2048 The program will require a passphrase. If your version of OpenSSL allows you to provide an empty string, do so. Otherwise, enter a default passphrase and then remove it from the generated key as follows: openssl rsa -in server.key -out server.key 3. Now we create a certificate as follows: openssl req -new -key server.key -out server.csr 4. This process will request you to input some details. The previous step has generated a certificate but it is not yet signed by the private key. To do so, you must issue the following command: openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt The newly signed certificate will be valid for 60 days. Note that, as the certificate is not signed by a recognized authority such as VeriSign, your browser will display a pop up when accessing the application, so that the user can accept or reject the certificate. Now, we can have a look at the different approaches for creating the certificate and the key. Deployment [ 248 ] Using the CherryPy SSL Support Let's see how we can do it: import cherrypy import os, os.path localDir = os.path.abspath(os.path.dirname(__file__)) CA = os.path.join(localDir, 'server.crt') KEY = os.path.join(localDir, 'server.key') def setup_server(): class Root: @cherrypy.expose def index(self): return "Hello there!" cherrypy.tree.mount(Root()) if __name__ == '__main__': setup_server() cherrypy.config.update({'server.socket_port': 8443, 'environment': 'production', 'log.screen': True, 'server.ssl_certificate': CA, 'server.ssl_private_key': KEY}) cherrypy.server.quickstart() cherrypy.engine.start() The key is to provide the server.ssl_certificate and server.ssl_private_key values to the global CherryPy configuration. The next step is to start the server; if everything went well, you should see the following message on your screen: HTTP Serving HTTPS on https://localhost:8443/ Chapter 10 [ 249 ] By navigating to the application URL, you should see a message such as: If you accept the certificate, you will be able to continue using the web application via HTTPS. One caveat of the previous solution is that now your application cannot be reached via non-secured HTTP. Luckily CherryPy provides a fairly easy way to work around this problem by simply starting two HTTP servers at once. You can see how it is done: import cherrypy from cherrypy import _cpwsgi from cherrypy import wsgiserver import os, os.path localDir = os.path.abspath(os.path.dirname(__file__)) CA = os.path.join(localDir, 'server.crt') KEY = os.path.join(localDir, 'server.key') def setup_app(): class Root: @cherrypy.expose Deployment [ 250 ] def index(self): return "Hello there!" cherrypy.tree.mount(Root()) if __name__ == '__main__': setup_app() # Create a server which will accept HTTP requests s1 = _cpwsgi.CPWSGIServer() # Create a server which will accept HTTPS requests s2 = _cpwsgi.CPWSGIServer() s2.ssl_certificate = CA s2.ssl_private_key = KEY # Our first server uses the default CherryPy settings # localhost, 8080. We thus provide distinct ones # for the HTTPS server. s2.bind_addr = ('localhost', 8443) # Inform CherryPy which servers to start and use cherrypy.server.httpservers = {s1: ('localhost', 8080), s2: ('localhost', 8443)} cherrypy.server.start() cherrypy.engine.start() Upon starting the application, you should now see the following lines on your screen: HTTP Serving HTTPS on https://localhost:8443/ HTTP Serving HTTP on http://localhost:8080/ Your application will now be reachable via HTTP and HTTPS. Using the lighttpd SSL Support Setting SSL support for lighttpd is as simple as adding the following to the global configuration of lighttpd: ssl.engine = "enable" ssl.pemfile = "/home/sylvain/application/server.pem" The server.pem file is the concatenation of the server.key and server.crt files that we have created before. For instance, under a UNIX System we issue the following command: cat server.key server.crt > server.pem Chapter 10 [ 251 ] By using those two lines and the proxy method, we have described in the previous section how to support SSL for the CherryPy application. Note, however, that the path between lighttpd and CherryPy will be HTTP not secured. SSL support will stop at the lighttpd level. Using the Apache mod_ssl Support This approach consists of using the mod_ssl module of Apache based on OpenSSL to handle the SSL exchange before forwarding the request to the CherryPy server, as we did with lighttpd. To do so, you need to modify your Apache configuration as follows: LoadModule ssl_module modules/mod_ssl.so Listen 127.0.0.1:443 The first line loads the mod_ssl module. The second line requests Apache to listen for incoming socket connections on a given IP address on port 443 (which requires administrator rights). Then, we modify VirtualHost, as follows: SSLEngine On SSLCertificateFile /home/sylvain/application/server.crt SSLCertificateKeyFile /home/sylvain/application/server.key Once you have restarted the Apache process, you should be able to navigate to the URL https://myapp.com. Summary In this chapter, we have reviewed a few possibilities to configure and deploy the CherryPy-based applications using common products such as Apache and lighttpd. We have also dealt with SSL support. These should give you enough to start with and adapt for your own environment and requirements. However, deployment goes beyond setting up web servers and this chapter does not cover the discussion of pushing the code into the production environment, neither does it explain how to update the application once in production. This is out of the scope of this chapter and hence not been discussed. Author's View If you have read this book, I can only assume that you are interested in the CherryPy library as a candidate for your personal projects. However, my motive behind writing this book was two-fold. Firstly, I wanted to provide a solid reference for CherryPy 3 that could, well hopefully, fill the curiosity of developers using it and this is what I have tried to achieve in the first four chapters of the book. Secondly, I wished to introduce you, my fellow reader to some of the different aspects of the development of web applications. I did not plan this book as a reference for all the subjects it gets onto, since it would have required ten other tomes. Instead, I have tried to provide you with some of the keys to make you understand that writing a web application is not any different from any other type of application in the process. With that perspective in mind, Chapter 5 taught us that the persistent mechanism like relational databases could be abstracted, thanks to object-relational mapping like Dejavu, SQLObject, or SQLAlchemy. This is a fundamental concept that allows you to design your application in a relaxed fashion with regards to the manipulated data. Thereafter, Chapter 6 reminded us that a web application could not only serve HTML pages but also expose an API referred to as a web service. This API is precisely what transforms our web application into an actual provider of valuable services. Does it mean we should forget about the actual user experience and be shallow on the designing of the interface of our application? Obviously not, and Chapters 7 and 8 review the idea behind templating before moving to the additional feature of client-side scripting and Ajax. Eventually, Chapter 9 makes sure that we never forget that an application that has not been tested is a broken one, while Chapter 10 provides a few tips to deploy our application in common environments. I hope this book will tell you a story of web application development that goes beyond CherryPy itself or any of the products introduced. A story that reminds us that there is no right or wrong but some paths that have already been explored might be good and could be trusted and sometimes they should be pushed even further. As I have said before, I have not written this book as a reference but as an introduction. It is quite possible that you think there are alternatives or better ways to achieve some of the topics covered. In such a case, I would be pleased to discuss this with you on the CherryPy mailing-lists. If on the other hand you close this book and think about parts of its content, then I will reach my goal. Founded in 2003 by the original CherryPy creator, WebFaction is a reliable and affordable hosting provider for your CherryPy applications. You can get an exclusive 20% discount by using the promo code "CHERRYPYBOOK" when you sign up with WebFaction, visit http://www.webfaction.com for more details. Index A AJAX about 164 advantages 165 disadvantages 165, 166 photoblog, applying to 178 XMLHttpRequest 166 Asynchronous JavaScript and XML. See  AJAX APP about 131 Atom XML-document 132, 133 implementing 134-136 application about 25 configuring 235 deploying 240 deploying, on Apache with mod_python 244, 245 deploying, on Apache with mod_python WSGI 246 deploying, on Apache with mod_rewrite 241-243 deploying, on lighttpd with mod_proxy 243 application server 25 Atom Publishing Protocol. See  APP Atom XML-document 132 C Cascading Style Sheets. See  CSS CherryPy about 7 advantages 10 APP 131 application 25 applications, configuring 235 applications, deploying 235, 240 application server 25 approach 8 AJAX 163 basic example 26 built-in server 32 community 9, 10 configuration file 235 configuring 33-36 core engine, hooking into 59-61 deploying 235 distutils 14 downloading 13 engine 32 engine, configuring 235-238 error handling 44-49 exception handling 44-48 exposed object 36 folder structure 14 functional testing 218 history 8, 9 hook points 60 HTTP features 51, 52 HTTP methods 124 HTTP server 32 HTTP server, multiple 52 installation, testing 23 installing 13 installing, easy_install used 18-20 installing, from Subversion 20-23 installing, tarball used 16, 17 installing overview 14, 15 JSON 176 [ 254 ] keywords used 25 library 38 library, working of 26-31 load testing 213 multi-threaded application server 54 multiple HTTP server 52 object publisher engine 36 overview 7, 8, 25 photoblog 91 photoblog, configuring 238 prerequisites 13 presentation layer 137 published object 36 Request-URI 37 REST 122 REST interface 130, 131 SSL 246 static resource serving 81 testing 193 toolbox 61 tools, creating 77-81 traditional web development 119, 120 unit testing 195 upgrading 23 URI 123 URI dispatching 55 web application server 25 web server 25 web server, configuring 235-238 web services 119 WSGI support 86 CSS 139 D DBMS, overview object oriented DBMS 96 relational DBMS 95 SQL joints, relational DBMS 96 SQL keywords, relational DBMS 95 XMLDBMS 97 DHTML about 141 encompassed technologies 141 Dynamic HTML. See  DHTML E easy_install about 18 CherryPy, for installing 18-20 PEAK 18 F functional testing about 218 applications 219 Selenium 219 H hook about 60 hook points 60 HTML 137 HTTP methods about 124-128 HyperText Markup Language. See  HTML J JavaScript Object Notation. See  JSON JSON about 176 deserialization 177 serialization 177 K Kid engine attributes 144-146 overview 142, 143 L library, CherryPy autoreload feature 39 caching module 39 coverage module 39 encoding/decoding module 40 Httpauth module 40 HTTP module 40 [ 255 ] profiler module 40 sessions module 41 static module 42 tidy module 42 Wsgiapp module 42 XML-RPC module 42 load testing about 213 working 214-218 M Mochikit about 156 components 156, 157 multi-threaded application server 54 multiple HTTP servers 52 O object-relational mapping about 97 object-relational mappers 97 python object-relational mappers 98-108 P photoblog, AJAX classes, adding methods to 179-183 method, for deleting existing album 190, 191 method, for new album 183-189 method, for updating existing album 190 namespace, implementing 179 required namespace, defining 178 photoblog about 91 AJAX, applying 178 configuring 238, 239 data access layer, extending 114, 115 DBMS, overview 95 entities 92-94 entities, mapping 109-111 entity modeling 108 object-relational mapping 97 sandbox interface 112, 113 terminology 94, 95 UnitProperties 111 units 111 units, associating 112 units, querying 113, 114 Photoblog design basic structure 151-156 design directory layout 149 developing 157 global design goals 148 template rendering, encapsulating 149, 150 tools 148 user agent targeted 147 Photoblog design, developing CSS, amending 159, 160 end-user actions, handling 158, 159 HTML code 157, 158 link, adding 158 template, amending 159 presentation layer about 137 CSS 139, 140 DHTML 141 HTML 137 Mochikit 156 Photoblog design 147 XHTML 138, 139 XML 138 python object-relational mappers about 98 access to database, setting up 102 data, loading 104 data, manipulating 105 entities, mapping 98 tables, manipulating 103 types 98 R Representational State Transfer. See  REST REST about 122 advantages 123 elements 123 through CherryPy 130, 131 [ 256 ] S Secure Sockets Layer. See  SSL Selenium about 219 core 222-227 IDE 227-230 packages 219 Remote Control 231, 232 SSL about 246 Apache mod_ssl support 251 certificate, creating 247 in CherryPy 248-250 in lighttpd 250 private key, creating 247 static resource serving about 81 directory, Staticdir tool used 83-85 single file, Staticfile tool used 81-83 static content, static tools bypased 85, 86 Subversion about 20 basic principle 20 CherryPy, for installing 20-22 T tarball about 16 CherryPy, for installing 16, 17 templating engines features 142 Kid engine 142 testing applications 219 approach 195 functional testing 218 load testing 213 need for 193 planning 194 unit testing 195 toolbox, CherryPy basic authentication tool 62 caching tool 63 decoding tool 64 digest authentication tool 65 encode tool 66 error redirect tool 67 Etag tool 67 Gzip tool 69 ignore headers tool 69 log headers tool 70 log tracebacks tool 71 proxy tool 72 referer tool 73 response headers tool 74 tool, creating 77-81 trailing slash tool 75 XML-RPC tool 76 tools, CherryPy creating 77-81 setting up 43 U Uniform Resource Identifiers. See  URI unit testing about 195 doctest 201-204 unittest 196-201 web application 205-213 URI about 123 subsets 124 URI dispatching about 55 HTTP method dispatcher 55-57 Routes dispatcher 57, 58 virtual host dispatcher 58, 59 W web application server 25 web server 25 Web Server Gateway Interface. See  WSGI web services APP 131 HTTP methods 124 REST 122 separation of concerns 121, 122 traditional web development 119, 120 URI 123 WSGI about 86 [ 257 ] CherryPy WSGI application, hosting 89, 90 components 86 purpose 86 WSGI application, hosting 87 X XMLHttpRequest about 166 attributes 166 authenticating, basic scheme used 170-176 authenticating, digest scheme used 170-176 content negotiated GET request, performing 168, 169 cookies 170 DELETE request, performing 170 GET request, performing 167, 168 HEAD request, performing 170 methods 167 POST request, performing 169 PUT request, performing 170 XML document, POSTing 169, 170 XHTML about 138 features 138 XML 138