forgejo/tests/e2e/webauthn.test.e2e.js

// Copyright 2024 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
// @ts-check

// @watch start
// templates/user/auth/**
// templates/user/settings/**
// web_src/js/features/user-**
// @watch end

import {expect} from '@playwright/test';
import {test, create_temp_user} from './utils_e2e.js';

test('WebAuthn register & login flow', async ({browser, request}, workerInfo) => {
  test.skip(workerInfo.project.name !== 'chromium', 'Uses Chrome protocol');
  const {context, username} = await create_temp_user(browser, workerInfo, request);
  const page = await context.newPage();

  // Register a security key.
  let response = await page.goto('/user/settings/security');
  await expect(response?.status()).toBe(200);

  // https://github.com/microsoft/playwright/issues/7276#issuecomment-1516768428
  const cdpSession = await page.context().newCDPSession(page);
  await cdpSession.send('WebAuthn.enable');
  await cdpSession.send('WebAuthn.addVirtualAuthenticator', {
    options: {
      protocol: 'ctap2',
      ctap2Version: 'ctap2_1',
      hasUserVerification: true,
      transport: 'usb',
      automaticPresenceSimulation: true,
      isUserVerified: true,
      backupEligibility: true,
    },
  });

  await page.locator('input#nickname').fill('Testing Security Key');
  await page.getByText('Add security key').click();

  // Logout.
  await page.locator('div[aria-label="Profile and settings…"]').click();
  await page.getByText('Sign Out').click();
  await page.waitForURL(`${workerInfo.project.use.baseURL}/`);

  // Login.
  response = await page.goto('/user/login');
  await expect(response?.status()).toBe(200);

  await page.getByLabel('Username or email address').fill(username);
  await page.getByLabel('Password').fill('password');
  await page.getByRole('button', {name: 'Sign in'}).click();
  await page.waitForURL(`${workerInfo.project.use.baseURL}/user/webauthn`);
  await page.waitForURL(`${workerInfo.project.use.baseURL}/`);

  // Cleanup.
  response = await page.goto('/user/settings/security');
  await expect(response?.status()).toBe(200);
  await page.getByRole('button', {name: 'Remove'}).click();
  await page.getByRole('button', {name: 'Yes'}).click();
  await page.waitForURL(`${workerInfo.project.use.baseURL}/user/settings/security`);
});
[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00			`// Copyright 2024 The Forgejo Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`
			`// @ts-check`

tests(e2e): Allow tests to run only on file changes - supports glob patterns in testfiles - only runs tests on changes - always runs tests without specified patterns tests(e2e): refactor global watch patterns tests(e2e): add watch patterns to test files 2024-09-11 20:34:33 +00:00			`// @watch start`
			`// templates/user/auth/**`
			`// templates/user/settings/**`
			`// web_src/js/features/user-**`
			`// @watch end`

[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00			`import {expect} from '@playwright/test';`
feat: Create temporary user helper function - Add a helper function that creates and log into a temporary user. So it doesn't affect other users and tests and the test can more easily be retried with a 'fresh' state instead of a broken state. - Adjust the Webauthn test to make use of this. - Relevant: #5291, #5394 2024-10-19 20:40:08 +00:00			`import {test, create_temp_user} from './utils_e2e.js';`
[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00
feat: Create temporary user helper function - Add a helper function that creates and log into a temporary user. So it doesn't affect other users and tests and the test can more easily be retried with a 'fresh' state instead of a broken state. - Adjust the Webauthn test to make use of this. - Relevant: #5291, #5394 2024-10-19 20:40:08 +00:00			`test('WebAuthn register & login flow', async ({browser, request}, workerInfo) => {`
[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00			`test.skip(workerInfo.project.name !== 'chromium', 'Uses Chrome protocol');`
feat: Create temporary user helper function - Add a helper function that creates and log into a temporary user. So it doesn't affect other users and tests and the test can more easily be retried with a 'fresh' state instead of a broken state. - Adjust the Webauthn test to make use of this. - Relevant: #5291, #5394 2024-10-19 20:40:08 +00:00			`const {context, username} = await create_temp_user(browser, workerInfo, request);`
[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00			`const page = await context.newPage();`

			`// Register a security key.`
			`let response = await page.goto('/user/settings/security');`
			`await expect(response?.status()).toBe(200);`

			`// https://github.com/microsoft/playwright/issues/7276#issuecomment-1516768428`
			`const cdpSession = await page.context().newCDPSession(page);`
			`await cdpSession.send('WebAuthn.enable');`
			`await cdpSession.send('WebAuthn.addVirtualAuthenticator', {`
			`options: {`
			`protocol: 'ctap2',`
			`ctap2Version: 'ctap2_1',`
			`hasUserVerification: true,`
			`transport: 'usb',`
			`automaticPresenceSimulation: true,`
			`isUserVerified: true,`
			`backupEligibility: true,`
			`},`
			`});`

			`await page.locator('input#nickname').fill('Testing Security Key');`
			`await page.getByText('Add security key').click();`

			`// Logout.`
			`await page.locator('div[aria-label="Profile and settings…"]').click();`
			`await page.getByText('Sign Out').click();`
			await page.waitForURL(`${workerInfo.project.use.baseURL}/`);

			`// Login.`
			`response = await page.goto('/user/login');`
			`await expect(response?.status()).toBe(200);`

feat: Create temporary user helper function - Add a helper function that creates and log into a temporary user. So it doesn't affect other users and tests and the test can more easily be retried with a 'fresh' state instead of a broken state. - Adjust the Webauthn test to make use of this. - Relevant: #5291, #5394 2024-10-19 20:40:08 +00:00			`await page.getByLabel('Username or email address').fill(username);`
[FEAT] Add support for webauthn credential level 3 - For WebAuthn Credential level 3, the `backup_eligible` and `backup_state` flags are checked if they are consistent with the values given on login. Forgejo never stored this data, so add a database migration that makes all webauthn credentials 'legacy' and on the next first use capture the values of `backup_eligible` and `backup_state`. As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662 - Adds unit tests. - Add E2E test. 2024-08-28 05:40:40 +00:00			`await page.getByLabel('Password').fill('password');`
			`await page.getByRole('button', {name: 'Sign in'}).click();`
			await page.waitForURL(`${workerInfo.project.use.baseURL}/user/webauthn`);
			await page.waitForURL(`${workerInfo.project.use.baseURL}/`);

			`// Cleanup.`
			`response = await page.goto('/user/settings/security');`
			`await expect(response?.status()).toBe(200);`
			`await page.getByRole('button', {name: 'Remove'}).click();`
			`await page.getByRole('button', {name: 'Yes'}).click();`
			await page.waitForURL(`${workerInfo.project.use.baseURL}/user/settings/security`);
			`});`