X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ac975ab3e027c2b7bca986f218e6e81c45f292cb..38d27e9783f7f760cee84cc225e86144069848c4:/cypress/integration/login.spec.js diff --git a/cypress/integration/login.spec.js b/cypress/integration/login.spec.js index 1082819c56..aeea01cdcf 100644 --- a/cypress/integration/login.spec.js +++ b/cypress/integration/login.spec.js @@ -3,48 +3,132 @@ // SPDX-License-Identifier: AGPL-3.0 describe('Login tests', function() { + let activeUser; + let inactiveUser; + let adminUser; + let randomUser = {}; + before(function() { - this.email = `account_${Math.random()}@example.com` - this.password = Math.random() - this.firstName = 'Test' - this.lastName = 'User' + // Only set up common users once. These aren't set up as aliases because + // aliases are cleaned up after every test. Also it doesn't make sense + // to set the same users on beforeEach() over and over again, so we + // separate a little from Cypress' 'Best Practices' here. + cy.getUser('admin', 'Admin', 'User', true, true) + .as('adminUser').then(function() { + adminUser = this.adminUser; + } + ); + cy.getUser('active', 'Active', 'User', false, true) + .as('activeUser').then(function() { + activeUser = this.activeUser; + } + ); + cy.getUser('inactive', 'Inactive', 'User', false, false) + .as('inactiveUser').then(function() { + inactiveUser = this.inactiveUser; + } + ); + randomUser.username = `randomuser${Math.floor(Math.random() * 999999)}`; + randomUser.password = { + crypt: 'zpAReoZzPnwmQ', + clear: 'topsecret', + }; + cy.exec(`useradd ${randomUser.username} -p ${randomUser.password.crypt}`); + }) + + after(function() { + cy.exec(`userdel ${randomUser.username}`); }) beforeEach(function() { + cy.clearCookies() + cy.clearLocalStorage() + }) + + it('shows login page on first visit', function() { cy.visit('/') - cy.contains('Please log in') - cy.get('button').contains('Log in').click() - cy.url().should('contain', "/users/sign_in") - }) - - it('register a new user', function() { - cy.get('a[role=button]').contains('Sign up for a new account').click() - cy.url().should('contain', '/users/sign_up') - cy.get('input[name="user[first_name]"]').type(this.firstName) - cy.get('input[name="user[last_name]"]').type(this.lastName) - cy.get('input[name="user[email]"]').type(this.email) - cy.get('input[name="user[password]"]').type(this.password) - cy.get('input[name="user[password_confirmation]"]').type(this.password) - cy.get('input[type=submit]').contains('Sign up').click() - cy.url().should('contain', '/projects/') - cy.get('button[title="Account Management"]').click() - cy.get('ul[role=menu] > li[role=menuitem]').contains(`${this.firstName} ${this.lastName}`) - }) - - it('logs in successfully', function() { - cy.get('input[type=email]').type(this.email) - cy.get('input[type=password]').type(this.password) - cy.get('input[type=submit]').contains('Sign in').click() - cy.url().should('contain', '/projects/') - cy.get('button[title="Account Management"]').click() - cy.get('ul[role=menu] > li[role=menuitem]').contains(`${this.firstName} ${this.lastName}`) - }) - - it('fails to log in with incorrect password', function() { - cy.get('input[type=email]').type(this.email) - cy.get('input[type=password]').type('incorrect') - cy.get('input[type=submit]').contains('Sign in').click() - cy.url().should('contain', "/users/sign_in") - cy.get('div.alert').contains('Invalid email or password') + cy.get('div#root').should('contain', 'Please log in') + cy.url().should('not.contain', '/projects/') + }) + + it('shows login page with no token', function() { + cy.visit('/token/?api_token=') + cy.get('div#root').should('contain', 'Please log in') + cy.url().should('not.contain', '/projects/') + }) + + it('shows inactive page to inactive user', function() { + cy.visit(`/token/?api_token=${inactiveUser.token}`) + cy.get('div#root').should('contain', 'Your account is inactive'); + }) + + it('shows login page with invalid token', function() { + cy.visit('/token/?api_token=nope') + cy.get('div#root').should('contain', 'Please log in') + cy.url().should('not.contain', '/projects/') + }) + + it('logs in successfully with valid user token', function() { + cy.visit(`/token/?api_token=${activeUser.token}`); + cy.url().should('contain', '/projects/'); + cy.get('div#root').should('contain', 'Arvados Workbench (zzzzz)'); + cy.get('div#root').should('not.contain', 'Your account is inactive'); + cy.get('button[title="Account Management"]').click(); + cy.get('ul[role=menu] > li[role=menuitem]').contains( + `${activeUser.user.first_name} ${activeUser.user.last_name}`); + }) + + it('logs out when token no longer valid', function() { + // Log in + cy.visit(`/token/?api_token=${activeUser.token}`); + cy.url().should('contain', '/projects/'); + cy.get('div#root').should('contain', 'Arvados Workbench (zzzzz)'); + cy.get('div#root').should('not.contain', 'Your account is inactive'); + // Invalidate own token. + const tokenUuid = activeUser.token.split('/')[1]; + cy.doRequest('PUT', `/arvados/v1/api_client_authorizations/${tokenUuid}`, { + id: tokenUuid, + api_client_authorization: JSON.stringify({ + api_token: `randomToken${Math.floor(Math.random() * 999999)}` + }) + }, null, activeUser.token, true); + // Should log the user out. + cy.visit('/'); + cy.get('div#root').should('contain', 'Please log in'); + }) + + it('logs in successfully with valid admin token', function() { + cy.visit(`/token/?api_token=${adminUser.token}`); + cy.url().should('contain', '/projects/'); + cy.get('div#root').should('contain', 'Arvados Workbench (zzzzz)'); + cy.get('div#root').should('not.contain', 'Your account is inactive'); + cy.get('button[title="Admin Panel"]').click(); + cy.get('ul[role=menu] > li[role=menuitem]') + .contains('Repositories') + .type('{esc}'); + cy.get('button[title="Account Management"]').click(); + cy.get('ul[role=menu] > li[role=menuitem]').contains( + `${adminUser.user.first_name} ${adminUser.user.last_name}`); + }) + + it('fails to authenticate using the login form with wrong password', function() { + cy.visit('/'); + cy.get('#username').type(randomUser.username); + cy.get('#password').type('wrong password'); + cy.get("button span:contains('Log in')").click(); + cy.get('p#password-helper-text').should('contain', 'PAM: Authentication failure'); + cy.url().should('not.contain', '/projects/'); + }) + + it('successfully authenticates using the login form', function() { + cy.visit('/'); + cy.get('#username').type(randomUser.username); + cy.get('#password').type(randomUser.password.clear); + cy.get("button span:contains('Log in')").click(); + cy.url().should('contain', '/projects/'); + cy.get('div#root').should('contain', 'Arvados Workbench (zzzzz)'); + cy.get('div#root').should('contain', 'Your account is inactive'); + cy.get('button[title="Account Management"]').click(); + cy.get('ul[role=menu] > li[role=menuitem]').contains(randomUser.username); }) }) \ No newline at end of file