Minor Auth0 improvements #16127

Merged
merged 4 commits into from
Sep 5, 2021
Conversation

@mraible (Contributor) commented Sep 1, 2021

Improve Auth0 documentation in README.

NOTE: I was not able to get Cypress to work with Auth0. I set E2E_USERNAME and E2E_PASSWORD, but there are no successful tests.

       Spec                                              Tests  Passing  Failing  Pending  Skipped
  ┌────────────────────────────────────────────────────────────────────────────────────────────────┐
  │ ✖  administration/administration.spec.      00:03        5        -        1        -        4 │
  │    ts                                                                                          │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/album.spec.ts                     00:03        6        -        1        -        5 │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/photo.spec.ts                     00:03        6        -        1        -        5 │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/tag.spec.ts                       00:03        6        -        1        -        5 │
  └────────────────────────────────────────────────────────────────────────────────────────────────┘
    ✖  4 of 4 failed (100%)                     00:12       23        -        4        -       19

Execution time: 28 s.


@mraible (Contributor, Author) commented Sep 1, 2021

Discovered I was using the wrong variables for Cypress. When using the following, it works:

export CYPRESS_E2E_USERNAME=<your-username>
export CYPRESS_E2E_PASSWORD=<your-password>

@mraible (Contributor, Author) commented Sep 1, 2021

I spoke too soon! Only 1 of 4 tests pass with Auth0 + Cypress and the app from this issue.

       Spec                                              Tests  Passing  Failing  Pending  Skipped
  ┌────────────────────────────────────────────────────────────────────────────────────────────────┐
  │ ✔  administration/administration.spec.      00:22        5        5        -        -        - │
  │    ts                                                                                          │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/album.spec.ts                     00:23        6        1        1        -        4 │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/photo.spec.ts                     00:09        6        -        1        -        5 │
  ├────────────────────────────────────────────────────────────────────────────────────────────────┤
  │ ✖  entity/tag.spec.ts                       00:09        6        -        1        -        5 │
  └────────────────────────────────────────────────────────────────────────────────────────────────┘
    ✖  3 of 4 failed (75%)                      01:04       23        6        3        -       14

Execution time: 1 min. 21 s.

@vishal423 (Contributor) commented:

What error do you see?

@mraible (Contributor, Author) commented Sep 1, 2021

@vishal423 I'm used to seeing the browser show me the Cypress tests running. When I run npm run e2e, it runs headless. Did something change recently, or maybe React is different from Angular? Here are the failures from the album.spec.ts test:

Album e2e test -- should load details Album page -- after each hook (failed)
Album e2e test -- should load details Album page (failed)

Edit: removed duplicate failures.

@mraible added the labels "$$ bug-bounty $$" (https://www.jhipster.tech/bug-bounties/), "$200" (https://www.jhipster.tech/bug-bounties/) and "theme: OIDC/OAuth2" on Sep 1, 2021
@mraible (Contributor, Author) commented Sep 1, 2021

Added bug bounty in hopes of getting Cypress + Auth0 tests fixed.

@mshima (Member) commented Sep 2, 2021

I have 2 difficulties:

  • I removed scope: openid,profile,email since it wasn't in the documentation
  • Environment cannot have some chars without quotes.

But it worked with those.

@mshima (Member) commented Sep 2, 2021

I will create a blueprint and daily builds for auth0

@vishal423 (Contributor) commented:

> @vishal423 I'm used to seeing the browser show me the Cypress tests running. When I run npm run e2e, it runs headless. Did something change recently, or maybe React is different from Angular? Here are the failures from the album.spec.ts test:

@mraible The interactive run behavior got changed in the latest Cypress versions. If you want to run tests in an interactive mode, then pass the --headed flag. I think headless is the default option. This should be relevant to all client framework options.

From the above screenshots, it's not clear if the issue is with Auth0 authentication. Can you enable console logs for failure so that we can check which API invocation is failing?

@vishal423 (Contributor) commented:

I prefer to remove the documentation from here and update relevant docs on JHipster.tech. I think I still have that PR in the open state. If you have any further improvements on that, then you can comment directly on that.

@mraible (Contributor, Author) commented Sep 2, 2021

> Can you enable console logs for failure so that we can check which API invocation is failing?

How do I do that?

@vishal423 (Contributor) commented:

> > Can you enable console logs for failure so that we can check which API invocation is failing?
>
> How do I do that?

You can try the following steps listed under comment jhipster/generator-jhipster-svelte#495 (comment)

@mraible (Contributor, Author) commented Sep 2, 2021

@vishal423 If the default has changed to headless, maybe we should change or remove some of the commands for headless? Or change our default to headed to keep backward compatibility with previous 7.x releases?

    "e2e": "npm run e2e:cypress",
    "pree2e:headless": "npm run ci:server:await",
    "e2e:headless": "npm run e2e:cypress:headless",
    "e2e:cypress:headless": "npm run e2e:cypress -- --headless",
    "e2e:cypress": "cypress run --browser chrome --record ${CYPRESS_ENABLE_RECORD:-false}",

@mraible (Contributor, Author) commented Sep 3, 2021

If I add my Auth0 credentials to cypress.json:

  "env": {
    "E2E_USERNAME": "XXX",
    "E2E_PASSWORD": "YYY"
  }

And then run npx cypress open to run the tests, it seems like it's failing to log out. This seems to happen when I run the entity tests as well.


@mshima mentioned this pull request Sep 3, 2021
@vishal423 (Contributor) commented:

> And then run npx cypress open to run the tests, it seems like it's failing to log out. This seems to happen when I run the entity tests as well.

The issue doesn't seem to be related to logout. I can see the /api/account call failing with a 401 response, and that points to an authentication issue. Unfortunately, I am on a slower network and can't connect to the auth0 jwk endpoints within the threshold limit of 500ms to bring up a local application pointing to auth0 (I will try sometime later, but I'm not very optimistic about connectivity improvement and also don't see an easy way to override these timeouts 😞 ). To identify the real cause, you can try opening the console and checking each authentication flow API response.

@vishal423 (Contributor) commented:

> @vishal423 If the default has changed to headless, maybe we should change or remove some of the commands for headless? Or change our default to headed to keep backward compatibility with previous 7.x releases?
>
>     "e2e": "npm run e2e:cypress",
>     "pree2e:headless": "npm run ci:server:await",
>     "e2e:headless": "npm run e2e:cypress:headless",
>     "e2e:cypress:headless": "npm run e2e:cypress -- --headless",
>     "e2e:cypress": "cypress run --browser chrome --record ${CYPRESS_ENABLE_RECORD:-false}",

I think this change got lost in dependabot upgrades and was not intentional. I will raise a separate PR to fix this.

@vishal423 (Contributor) commented:

Fortunately, today, I could start the test application with the auth0 OIDC provider and don't see the issue with cypress tests.


@mraible (Contributor, Author) commented Sep 4, 2021

@vishal423 These tests pass for me too. It's the entity tests that fail.

@vishal423 (Contributor) commented:

> @vishal423 These tests pass for me too. It's the entity tests that fail.

Do you have the JDL that fails?

@mraible (Contributor, Author) commented Sep 4, 2021

JHipster configuration, a .yo-rc.json file generated in the root folder:
{
  "generator-jhipster": {
    "applicationType": "monolith",
    "baseName": "gallery",
    "jhipsterVersion": "7.1.0",
    "skipClient": false,
    "skipServer": false,
    "skipUserManagement": true,
    "skipCheckLengthOfIdentifier": false,
    "skipFakeData": false,
    "jhiPrefix": "jhi",
    "entitySuffix": "",
    "dtoSuffix": "DTO",
    "testFrameworks": ["cypress"],
    "blueprints": [],
    "otherModules": [],
    "pages": [],
    "creationTimestamp": 1630470306439,
    "serviceDiscoveryType": "no",
    "reactive": false,
    "authenticationType": "oauth2",
    "packageName": "org.jhipster.gallery",
    "serverPort": "8080",
    "cacheProvider": "ehcache",
    "enableHibernateCache": true,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "buildTool": "maven",
    "serverSideOptions": [],
    "websocket": false,
    "searchEngine": false,
    "messageBroker": false,
    "enableSwaggerCodegen": false,
    "clientFramework": "react",
    "withAdminUi": true,
    "clientTheme": "none",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "devServerPort": 9060,
    "clientPackageManager": "npm",
    "clientThemeVariant": "",
    "languages": ["en", "pt-br"],
    "entities": ["Album", "Photo", "Tag"],
    "lastLiquibaseTimestamp": 1630470748000
  }
}
JDL for the entity configuration(s) (the entityName.json files generated in the .jhipster directory):
entity Album {
  title String required
  description TextBlob
  created Instant
}
entity Photo {
  title String required
  description TextBlob
  image ImageBlob required
  height Integer
  width Integer
  taken Instant
  uploaded Instant
}
entity Tag {
  name String required minlength(2)
}
relationship ManyToOne {
  Album{user(login)} to User
  Photo{album(title)} to Album
}
relationship ManyToMany {
  Photo{tag(name)} to Tag{photo}
}

paginate Album with pagination
paginate Photo, Tag with infinite-scroll

@vishal423 (Contributor) commented:

I don't see an issue with entities either:

@mraible (Contributor, Author) commented Sep 4, 2021

Maybe it's just my Auth0 org? That's possible. I thought it might've been caused by the Google Social Login I had enabled. However, after removing that, my results are the same.

@vishal423 (Contributor) commented:

Can you check once if your auth0 account is exceeding rate limits resulting in denied authentication?

@mraible (Contributor, Author) commented Sep 4, 2021

I thought about that, but I haven't seen any alerts or received any notifications. I'm not sure where to look for it in Auth0's console either. I turned off Suspicious IP Throttling, but that didn't help. I even tried deleting the administration test, thinking that others would succeed if I took it out. One test does, but not all.

Then I noticed this in my logs. Seems to be rate-limiting that's causing the issue!

{X-RateLimit-Limit: 10}{X-RateLimit-Remaining: 0}{X-RateLimit-Reset: 1630781443}

@mraible (Contributor, Author) commented Sep 4, 2021

I tried upgrading to an "Essentials" account for $23/month, but it doesn't help the problem. I guess this is motivation to test against Keycloak in CI!

@mraible (Contributor, Author) commented Sep 4, 2021

I believe this is the source of the issue: https://auth0.com/docs/support/policies/rate-limit-policy/database-connections-rate-limits

> If a user attempts to log in 20 times per minute as the same user from the same IP, regardless of having the correct credentials, the rate limit will come into effect. When this happens, the user can make 10 attempts per minute.

@mshima (Member) commented Sep 4, 2021

We can try the new cypress session api.
It's experimental, but it logs in once and keeps the session up.

@vishal423 (Contributor) commented:

> I tried upgrading to an "Essentials" account for $23/month, but it doesn't help the problem. I guess this is motivation to test against Keycloak in CI!

This behavior is well documented in the cypress auth0 integration docs along with a solution: https://docs.cypress.io/guides/testing-strategies/auth0-authentication#Auth0-Rate-Limiting-Logins
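Added example, not code from the JHipster generator, from Cypress or from anyone in this thread: a Cypress support-file snippet that caches the Auth0 login with cy.session, as mshima suggests above, plus a small helper that interprets the X-RateLimit-* headers mraible found in his logs so a run reports rate limiting instead of an opaque 401. It assumes a JHipster-style cy.login(username, password) command, the E2E_USERNAME / E2E_PASSWORD Cypress env vars from the thread, and experimentalSessionSupport enabled in cypress.json.

```javascript
// Added example, not code from the JHipster generator or from Cypress. Assumes a
// JHipster-style cy.login(username, password) command, the E2E_USERNAME /
// E2E_PASSWORD env vars, and experimentalSessionSupport in cypress.json.

// Interpret Auth0's X-RateLimit-* response headers (seen in the thread as
// {X-RateLimit-Limit: 10}{X-RateLimit-Remaining: 0}{X-RateLimit-Reset: ...}).
// Header names are matched case-insensitively; X-RateLimit-Reset is unix seconds.
function rateLimitState(headers, nowEpochSeconds) {
  const h = {};
  for (const [k, v] of Object.entries(headers || {})) h[k.toLowerCase()] = String(v);
  const limit = Number(h['x-ratelimit-limit']);
  const remaining = Number(h['x-ratelimit-remaining']);
  const reset = Number(h['x-ratelimit-reset']);
  if (![limit, remaining, reset].every(Number.isFinite)) {
    // No rate-limit headers present: nothing to report.
    return { limited: false, limit: null, remaining: null, secondsUntilReset: 0 };
  }
  return {
    limited: remaining <= 0 && reset > nowEpochSeconds,
    limit,
    remaining,
    secondsUntilReset: Math.max(0, reset - nowEpochSeconds),
  };
}

// Constructed sample: the three values quoted from mraible's log line above.
const SAMPLE_HEADERS = {
  'X-RateLimit-Limit': '10',
  'X-RateLimit-Remaining': '0',
  'X-RateLimit-Reset': '1630781443',
};

// Cypress-only part, registered only inside a Cypress run so the helper above
// can also be required from plain Node (e.g. by a unit test).
if (typeof Cypress !== 'undefined' && typeof cy !== 'undefined') {
  // cy.session caches cookies/localStorage under the given id and runs the
  // setup callback only when no cached session exists, so Auth0 sees one
  // login per run instead of one per test (the 10-per-minute limit above).
  Cypress.Commands.add('loginOnce', () => {
    const username = Cypress.env('E2E_USERNAME');
    const password = Cypress.env('E2E_PASSWORD');
    cy.session([username], () => cy.login(username, password));
  });
  // Turn a rate-limited /api/account or Auth0 response into a clear failure.
  Cypress.Commands.add('assertNotRateLimited', (response) => {
    const state = rateLimitState(response.headers, Math.floor(Date.now() / 1000));
    expect(state.limited, `Auth0 rate limit hit; resets in ${state.secondsUntilReset}s`).to.be.false;
  });
}
```

Call cy.loginOnce() from a beforeEach instead of logging in per test; cy.assertNotRateLimited(resp) can be chained after a cy.request or cy.intercept wait on the account call.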

@mraible merged commit a025434 into main Sep 5, 2021
@mraible deleted the auth0-improvements branch September 5, 2021 05:03
@pascalgrimaud added this to the 7.2.0 milestone Sep 11, 2021