diff --git a/packages/functional-tests/lib/testAccountTracker.ts b/packages/functional-tests/lib/testAccountTracker.ts index fc844364b72..0405cf72677 100644 --- a/packages/functional-tests/lib/testAccountTracker.ts +++ b/packages/functional-tests/lib/testAccountTracker.ts @@ -261,10 +261,14 @@ export class TestAccountTracker { const password = this.generatePassword(); // Send passwordless code - await this.target.authClient.passwordlessSendCode(email, { - clientId: this.target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await this.target.authClient.passwordlessSendCode( + email, + { + clientId: this.target.relierClientID, + service: SUPPORTED_SERVICE, + }, + this.target.ciHeader + ); // Get OTP from email const code = await this.target.emailClient.getPasswordlessSignupCode(email); @@ -276,7 +280,8 @@ export class TestAccountTracker { { clientId: this.target.relierClientID, service: SUPPORTED_SERVICE, - } + }, + this.target.ciHeader ); // Track for cleanup - mark as passwordless so cleanup knows to handle specially @@ -457,10 +462,14 @@ export class TestAccountTracker { ): Promise { try { // Send passwordless code - await this.target.authClient.passwordlessSendCode(account.email, { - clientId: this.target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await this.target.authClient.passwordlessSendCode( + account.email, + { + clientId: this.target.relierClientID, + service: SUPPORTED_SERVICE, + }, + this.target.ciHeader + ); // Get OTP from email const code = await this.target.emailClient.getPasswordlessSigninCode( @@ -474,7 +483,8 @@ export class TestAccountTracker { { clientId: this.target.relierClientID, service: SUPPORTED_SERVICE, - } + }, + this.target.ciHeader ); let sessionToken = result.sessionToken; diff --git a/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts b/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts index 4045c79665a..fd2bb34c290 100644 
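Review bot: The new `this.target.ciHeader` argument in the `@@ -261,10 +261,14 @@` hunk of testAccountTracker.ts is undocumented; nothing visible says what the header carries or why the passwordless send and confirm calls need it. A one-line comment above the first call would help, for example `// ciHeader marks this request as functional-test traffic; see <where ciHeader is defined>`, with the wording adjusted to what the header actually does. If the server treats requests carrying this header differently (relaxed throttling, presumably), confirm that the value is supplied only in CI and is not echoed in test output or traces. The same argument is added without comment in the `@@ -276,7 +280,8 @@`, `@@ -457,10 +462,14 @@` and `@@ -474,7 +483,8 @@` hunks; the enclosing methods start and end outside these hunks.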
--- a/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts +++ b/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts @@ -12,17 +12,26 @@ async function getPasswordlessSession( email: string, isNew: boolean ) { - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = isNew ? await target.emailClient.getPasswordlessSignupCode(email) : await target.emailClient.getPasswordlessSigninCode(email); - return target.authClient.passwordlessConfirmCode(email, code, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + return target.authClient.passwordlessConfirmCode( + email, + code, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); } test.describe('severity-2', () => { @@ -36,10 +45,14 @@ test.describe('severity-2', () => { const { email } = testAccountTracker.generatePasswordlessAccountDetails(); - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSignupCode(email); expect(code).toBeTruthy(); 
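Review bot: In `getPasswordlessSession` (hunk `@@ -12,17 +12,26 @@`) the options literal and `target.ciHeader` are now spelled out twice, and a helper with what appears to be the same body is changed identically in signinPasswordless.spec.ts (hunk `@@ -224,17 +229,26 @@`). Hoisting the options once, `const options = { clientId: target.relierClientID, service: SUPPORTED_SERVICE };`, and passing `options, target.ciHeader` to both calls keeps the function short. Moving the helper into the shared lib would leave a single place where the header is attached, so a call site added later cannot silently omit it. The function signature begins outside the hunk.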
@@ -51,10 +64,14 @@ test.describe('severity-2', () => { }) => { const { email } = await testAccountTracker.signUpPasswordless(); - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSigninCode(email); expect(code).toBeTruthy(); @@ -67,10 +84,14 @@ test.describe('severity-2', () => { const credentials = await testAccountTracker.signUp(); try { - await target.authClient.passwordlessSendCode(credentials.email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + credentials.email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); expect( true, 'passwordlessSendCode should have been rejected for password account' @@ -88,9 +109,13 @@ test.describe('severity-2', () => { testAccountTracker.generatePasswordlessAccountDetails(); try { - await target.authClient.passwordlessSendCode(email, { - clientId: 'deadbeefdeadbeef', - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: 'deadbeefdeadbeef', + }, + target.ciHeader + ); expect( true, 'passwordlessSendCode should have been rejected for non-allowlisted client' @@ -112,10 +137,14 @@ test.describe('severity-2', () => { (a) => a.email === email ); - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSignupCode(email); const result = await target.authClient.passwordlessConfirmCode( 
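Review bot: The non-allowlisted-client test (hunk `@@ -88,9 +109,13 @@`) now sends `target.ciHeader` together with `clientId: 'deadbeefdeadbeef'`, so the request differs from what an ordinary client would send. The `catch` block lies outside the hunk; confirm it asserts the specific error for a disallowed client rather than accepting any rejection, otherwise a failure unrelated to the allowlist would still let the test pass. The same applies to the password-account rejection test in the `@@ -67,10 +84,14 @@` hunk. A short comment such as `// ciHeader is sent so the rejection comes from the allowlist check under test` (if that is the reason) would record why the header belongs on a negative test.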
@@ -124,7 +153,8 @@ test.describe('severity-2', () => { { clientId: target.relierClientID, service: SUPPORTED_SERVICE, - } + }, + target.ciHeader ); expect(result.verified).toBe(true); @@ -150,10 +180,14 @@ test.describe('severity-2', () => { ); const password = account?.password || ''; - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSigninCode(email); const result = await target.authClient.passwordlessConfirmCode( @@ -162,7 +196,8 @@ test.describe('severity-2', () => { { clientId: target.relierClientID, service: SUPPORTED_SERVICE, - } + }, + target.ciHeader ); expect(result.verified).toBe(true); @@ -185,19 +220,28 @@ test.describe('severity-2', () => { const { email } = testAccountTracker.generatePasswordlessAccountDetails(); - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); // Consume the real code so we can test with a bogus one await target.emailClient.getPasswordlessSignupCode(email); try { - await target.authClient.passwordlessConfirmCode(email, '00000000', { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessConfirmCode( + email, + '00000000', + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); expect( true, 'passwordlessConfirmCode should have rejected invalid OTP' 
@@ -231,16 +275,21 @@ test.describe('severity-2', () => { account.sessionToken = sessionToken; } - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSigninCode(email); const result = await target.authClient.passwordlessConfirmCode( email, code, - { clientId: target.relierClientID, service: SUPPORTED_SERVICE } + { clientId: target.relierClientID, service: SUPPORTED_SERVICE }, + target.ciHeader ); expect(result.verified).toBe(false); @@ -273,24 +322,33 @@ test.describe('severity-2', () => { (a) => a.email === email ); - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); await target.emailClient.getPasswordlessSignupCode(email); - await target.authClient.passwordlessResendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessResendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = await target.emailClient.getPasswordlessSignupCode(email); const result = await target.authClient.passwordlessConfirmCode( email, code, - { clientId: target.relierClientID, service: SUPPORTED_SERVICE } + { clientId: target.relierClientID, service: SUPPORTED_SERVICE }, + target.ciHeader ); expect(result.verified).toBe(true); 
@@ -430,10 +488,14 @@ test.describe('severity-2', () => { // Passwordless send should be rejected after password creation try { - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); expect( true, 'passwordlessSendCode should have been rejected for account with password' diff --git a/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts b/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts index 02742f6dad8..16405de2ecc 100644 --- a/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts +++ b/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts @@ -165,15 +165,20 @@ test.describe('severity-1 #smoke', () => { // Use the API directly to get an unverified session token // (bypasses browser UI so we can test the session before TOTP) - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + }, + target.ciHeader + ); const otpCode = await target.emailClient.getPasswordlessSigninCode(email); const confirmResult = await target.authClient.passwordlessConfirmCode( email, otpCode, - { clientId: target.relierClientID } + { clientId: target.relierClientID }, + target.ciHeader ); // The session should be unverified (TOTP pending) 
@@ -224,17 +229,26 @@ test.describe('severity-1 #smoke', () => { email: string, isNew: boolean ) { - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); const code = isNew ? await target.emailClient.getPasswordlessSignupCode(email) : await target.emailClient.getPasswordlessSigninCode(email); - return target.authClient.passwordlessConfirmCode(email, code, { - clientId: target.relierClientID, - service: SUPPORTED_SERVICE, - }); + return target.authClient.passwordlessConfirmCode( + email, + code, + { + clientId: target.relierClientID, + service: SUPPORTED_SERVICE, + }, + target.ciHeader + ); } async function setupPasswordlessTotpAccount( @@ -576,9 +590,13 @@ test.describe('severity-1 #smoke', () => { // Account now has a password — passwordless send should be rejected try { - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + }, + target.ciHeader + ); expect( true, 'passwordlessSendCode should have been rejected for password account' 
@@ -756,15 +774,20 @@ test.describe('severity-1 #smoke', () => { // Cleanup: Set password so testAccountTracker can sign in and destroy // Re-authenticate to get a fresh session since the old one may be stale - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + }, + target.ciHeader + ); const cleanupCode = await target.emailClient.getPasswordlessSigninCode(email); const cleanupResult = await target.authClient.passwordlessConfirmCode( email, cleanupCode, - { clientId: target.relierClientID } + { clientId: target.relierClientID }, + target.ciHeader ); // Elevate to AAL2 for password creation const cleanupTotpCode = await getTotpCode(secret); @@ -935,14 +958,19 @@ test.describe('severity-2', () => { await testAccountTracker.signUpPasswordless(); // Create a password on the first account via API - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + }, + target.ciHeader + ); const otpCode = await target.emailClient.getPasswordlessSigninCode(email); const result = await target.authClient.passwordlessConfirmCode( email, otpCode, - { clientId: target.relierClientID } + { clientId: target.relierClientID }, + target.ciHeader ); await target.authClient.createPassword( result.sessionToken, 
@@ -1207,15 +1235,20 @@ test.describe('severity-2', () => { await page.waitForURL(/\/settings/); // Cleanup: set password so testAccountTracker can destroy the account - await target.authClient.passwordlessSendCode(email, { - clientId: target.relierClientID, - }); + await target.authClient.passwordlessSendCode( + email, + { + clientId: target.relierClientID, + }, + target.ciHeader + ); const cleanupCode = await target.emailClient.getPasswordlessSigninCode(email); const cleanupResult = await target.authClient.passwordlessConfirmCode( email, cleanupCode, - { clientId: target.relierClientID } + { clientId: target.relierClientID }, + target.ciHeader ); const cleanupTotpCode = await getTotpCode(secret); await target.authClient.verifyTotpCode(