test: fix regressions in the tests

ory · Oct 19, 2021 · 246c580 · 246c580
1 parent c21fa26
commit 246c580
Show file tree

Hide file tree

Showing 35 changed files with 1,682 additions and 265 deletions.
diff --git a/selfservice/flow/login/error_test.go b/selfservice/flow/login/error_test.go
@@ -2,6 +2,7 @@ package login_test
 
 import (
 	"context"
+	"encoding/json"
 	"io/ioutil"
 	"net/http"
 	"testing"
@@ -35,7 +36,7 @@ import (
 
 func TestHandleError(t *testing.T) {
 	conf, reg := internal.NewFastRegistryWithMocks(t)
-	public, admin := testhelpers.NewKratosServer(t, reg)
+	_, admin := testhelpers.NewKratosServer(t, reg)
 
 	router := httprouter.New()
 	ts := httptest.NewServer(router)
@@ -132,13 +133,13 @@ func TestHandleError(t *testing.T) {
 				res, err := ts.Client().Do(testhelpers.NewHTTPGetJSONRequest(t, ts.URL+"/error"))
 				require.NoError(t, err)
 				defer res.Body.Close()
-				require.Contains(t, res.Request.URL.String(), public.URL+login.RouteGetFlow)
-				require.Equal(t, http.StatusOK, res.StatusCode)
 
 				body, err := ioutil.ReadAll(res.Body)
 				require.NoError(t, err)
-				assert.Equal(t, int(text.ErrorValidationLoginFlowExpired), int(gjson.GetBytes(body, "ui.messages.0.id").Int()))
-				assert.NotEqual(t, loginFlow.ID.String(), gjson.GetBytes(body, "id").String())
+				require.Equal(t, http.StatusInternalServerError, res.StatusCode, "%+v\n\t%s", res.Request, body)
+
+				assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.GetBytes(body, "use_flow_id").String())
+				assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(anHourAgo), json.RawMessage(body), []string{"since", "redirect_browser_to", "use_flow_id"})
 			})
 
 			t.Run("case=validation error", func(t *testing.T) {

diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
@@ -265,8 +265,9 @@ func TestFlowLifecycle(t *testing.T) {
 				conf.MustSet(config.ViperKeySelfServiceLoginRequestLifespan, "10m")
 			})
 
+			expired := time.Now().Add(-time.Minute)
 			run := func(t *testing.T, tt flow.Type, aal string, values string, isSPA bool) (string, *http.Response) {
-				f := login.Flow{Type: tt, ExpiresAt: time.Now().Add(-time.Minute), IssuedAt: time.Now(),
+				f := login.Flow{Type: tt, ExpiresAt: expired, IssuedAt: time.Now(),
 					UI: container.New(""), Refresh: false, RequestedAAL: identity.AuthenticatorAssuranceLevel(aal)}
 				require.NoError(t, reg.LoginFlowPersister().CreateLoginFlow(context.Background(), &f))
 
@@ -288,9 +289,10 @@ func TestFlowLifecycle(t *testing.T) {
 			}
 
 			t.Run("type=api", func(t *testing.T) {
-				body, res := run(t, flow.TypeAPI, "aal1", `{"method":"password"}`, false)
+				actual, res := run(t, flow.TypeAPI, "aal1", `{"method":"password"}`, false)
 				assert.Contains(t, res.Request.URL.String(), login.RouteSubmitFlow)
-				assert.Contains(t, gjson.Get(body, "ui.messages.0.text").String(), "expired", "%s", body)
+				assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
+				assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(expired), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
 			})
 
 			t.Run("type=browser", func(t *testing.T) {
@@ -300,9 +302,10 @@ func TestFlowLifecycle(t *testing.T) {
 			})
 
 			t.Run("type=SPA", func(t *testing.T) {
-				body, res := run(t, flow.TypeBrowser, "aal1", `{"method":"password"}`, true)
+				actual, res := run(t, flow.TypeBrowser, "aal1", `{"method":"password"}`, true)
 				assert.Contains(t, res.Request.URL.String(), login.RouteSubmitFlow)
-				assert.Contains(t, gjson.Get(body, "ui.messages.0.text").String(), "expired", "%s", body)
+				assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.Get(actual, "use_flow_id").String())
+				assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(expired), json.RawMessage(actual), []string{"use_flow_id", "since"}, "expired", "%s", actual)
 			})
 		})
 	})

diff --git a/selfservice/flow/login/stub/password.schema.json b/selfservice/flow/login/stub/password.schema.json
@@ -17,10 +17,7 @@
             }
           }
         }
-      },
-      "required": [
-        "username"
-      ]
+      }
     }
   }
 }
diff --git a/selfservice/flow/registration/error_test.go b/selfservice/flow/registration/error_test.go
@@ -2,6 +2,7 @@ package registration_test
 
 import (
 	"context"
+	"encoding/json"
 	"io/ioutil"
 	"net/http"
 	"testing"
@@ -36,7 +37,7 @@ func TestHandleError(t *testing.T) {
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	conf.MustSet(config.ViperKeyDefaultIdentitySchemaURL, "file://./stub/login.schema.json")
 
-	public, admin := testhelpers.NewKratosServer(t, reg)
+	_, admin := testhelpers.NewKratosServer(t, reg)
 
 	router := httprouter.New()
 	ts := httptest.NewServer(router)
@@ -132,13 +133,13 @@ func TestHandleError(t *testing.T) {
 				res, err := ts.Client().Do(testhelpers.NewHTTPGetJSONRequest(t, ts.URL+"/error"))
 				require.NoError(t, err)
 				defer res.Body.Close()
-				require.Contains(t, res.Request.URL.String(), public.URL+registration.RouteGetFlow)
-				require.Equal(t, http.StatusOK, res.StatusCode)
 
 				body, err := ioutil.ReadAll(res.Body)
 				require.NoError(t, err)
-				assert.Equal(t, int(text.ErrorValidationRegistrationFlowExpired), int(gjson.GetBytes(body, "ui.messages.0.id").Int()))
-				assert.NotEqual(t, registrationFlow.ID.String(), gjson.GetBytes(body, "id").String())
+				require.Equal(t, http.StatusInternalServerError, res.StatusCode, "%+v\n\t%s", res.Request, body)
+
+				assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.GetBytes(body, "use_flow_id").String())
+				assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(anHourAgo), json.RawMessage(body), []string{"since", "redirect_browser_to", "use_flow_id"})
 			})
 
 			t.Run("case=validation error", func(t *testing.T) {

diff --git a/selfservice/flow/settings/error_test.go b/selfservice/flow/settings/error_test.go
@@ -2,6 +2,7 @@ package settings_test
 
 import (
 	"context"
+	"encoding/json"
 	"io/ioutil"
 	"net/http"
 	"testing"
@@ -41,7 +42,7 @@ func TestHandleError(t *testing.T) {
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	conf.MustSet(config.ViperKeyDefaultIdentitySchemaURL, "file://./stub/identity.schema.json")
 
-	public, admin := testhelpers.NewKratosServer(t, reg)
+	_, admin := testhelpers.NewKratosServer(t, reg)
 
 	router := httprouter.New()
 	ts := httptest.NewServer(router)
@@ -151,14 +152,14 @@ func TestHandleError(t *testing.T) {
 				res, err := c.Do(testhelpers.NewHTTPGetJSONRequest(t, ts.URL+"/error"))
 				require.NoError(t, err)
 				defer res.Body.Close()
-				require.Contains(t, res.Request.URL.String(), public.URL+settings.RouteGetFlow)
+				require.Contains(t, res.Request.URL.String(), ts.URL+"/error")
 
 				body, err := ioutil.ReadAll(res.Body)
 				require.NoError(t, err)
-				require.Equal(t, http.StatusOK, res.StatusCode, "%+v\n\t%s", res.Request, body)
+				require.Equal(t, http.StatusInternalServerError, res.StatusCode, "%+v\n\t%s", res.Request, body)
 
-				assert.Equal(t, int(text.ErrorValidationSettingsFlowExpired), int(gjson.GetBytes(body, "ui.messages.0.id").Int()), "%s", body)
-				assert.NotEqual(t, settingsFlow.ID.String(), gjson.GetBytes(body, "id").String())
+				assert.NotEqual(t, "00000000-0000-0000-0000-000000000000", gjson.GetBytes(body, "use_flow_id").String())
+				assertx.EqualAsJSONExcept(t, flow.NewFlowExpiredError(expiredAnHourAgo), json.RawMessage(body), []string{"since", "redirect_browser_to", "use_flow_id"})
 			})
 
 			t.Run("case=validation error", func(t *testing.T) {

diff --git a/selfservice/flow/settings/stub/identity.schema.json b/selfservice/flow/settings/stub/identity.schema.json
@@ -20,6 +20,11 @@
             }
           }
         },
+        "name": {
+          "type": "string",
+          "format": "email",
+          "minLength": 10
+        },
         "stringy": {
           "type": "string"
         },

diff --git a/selfservice/strategy/lookup/login_test.go b/selfservice/strategy/lookup/login_test.go
@@ -113,10 +113,11 @@ func TestCompleteLogin(t *testing.T) {
 			d       string
 			code    string
 			message string
+			key     string
 		}{
-			{d: "empty", message: text.NewErrorValidationLookupInvalid().Text},
-			{d: "invalid", code: "invalid", message: text.NewErrorValidationLookupInvalid().Text},
-			{d: "already-used", code: "key-1", message: text.NewErrorValidationLookupAlreadyUsed().Text},
+			{d: "empty", key: lookupCodeGJSONQuery + ".messages.0.text", message: "Property lookup_secret is missing."},
+			{d: "invalid", key: "ui.messages.0.text", code: "invalid", message: text.NewErrorValidationLookupInvalid().Text},
+			{d: "already-used", key: "ui.messages.0.text", code: "key-1", message: text.NewErrorValidationLookupAlreadyUsed().Text},
 		} {
 			t.Run(fmt.Sprintf("code=%s", tc.d), func(t *testing.T) {
 				id, _ := createIdentity(t, reg)
@@ -127,7 +128,7 @@ func TestCompleteLogin(t *testing.T) {
 				check := func(t *testing.T, shouldRedirect bool, body string, res *http.Response) {
 					checkURL(t, shouldRedirect, res)
 					assert.NotEmpty(t, gjson.Get(body, "id").String(), "%s", body)
-					assert.Equal(t, tc.message, gjson.Get(body, "ui.messages.0.text").String(), "%s", body)
+					assert.Equal(t, tc.message, gjson.Get(body, tc.key).String(), "%s", body)
 				}
 
 				t.Run("type=api", func(t *testing.T) {

diff --git a/selfservice/strategy/lookup/settings_test.go b/selfservice/strategy/lookup/settings_test.go
@@ -243,14 +243,16 @@ func TestCompleteSettings(t *testing.T) {
 				t.Run("type=api", func(t *testing.T) {
 					actual, res := doAPIFlow(t, payload, id)
 					assert.Equal(t, http.StatusForbidden, res.StatusCode)
-					assertx.EqualAsJSON(t, settings.NewFlowNeedsReAuth(), json.RawMessage(gjson.Get(actual, "error").Raw))
+					assert.Contains(t, gjson.Get(actual, "redirect_browser_to").String(), publicTS.URL+"/self-service/login/browser?refresh=true&return_to=")
+					assertx.EqualAsJSONExcept(t, settings.NewFlowNeedsReAuth(), json.RawMessage(actual), []string{"redirect_browser_to"})
 					checkIdentity(t)
 				})
 
 				t.Run("type=spa", func(t *testing.T) {
 					actual, res := doBrowserFlow(t, true, payload, id)
 					assert.Equal(t, http.StatusForbidden, res.StatusCode)
-					assertx.EqualAsJSON(t, settings.NewFlowNeedsReAuth(), json.RawMessage(gjson.Get(actual, "error").Raw))
+					assert.Contains(t, gjson.Get(actual, "redirect_browser_to").String(), publicTS.URL+"/self-service/login/browser?refresh=true&return_to=")
+					assertx.EqualAsJSONExcept(t, settings.NewFlowNeedsReAuth(), json.RawMessage(actual), []string{"redirect_browser_to"})
 					checkIdentity(t)
 				})
 
@@ -469,7 +471,7 @@ func TestCompleteSettings(t *testing.T) {
 
 					actualFlow, err := reg.SettingsFlowPersister().GetSettingsFlow(context.Background(), uuid.FromStringOrNil(f.Id))
 					require.NoError(t, err)
-					assert.Empty(t, gjson.GetBytes(actualFlow.InternalContext, flow.PrefixInternalContextKey(identity.CredentialsTypeLookup, lookup.InternalContextKeyRegenerated)))
+					assert.Equal(t, "{}", gjson.GetBytes(actualFlow.InternalContext, flow.PrefixInternalContextKey(identity.CredentialsTypeLookup, lookup.InternalContextKeyRegenerated)).Raw)
 				}
 
 				t.Run("type=api", func(t *testing.T) {

diff --git a/...oidc/fixtures/expectedGithuberFields.json → ...on_linked_credentials-agent=githuber.json b/...oidc/fixtures/expectedGithuberFields.json → ...on_linked_credentials-agent=githuber.json
@@ -3,9 +3,9 @@
     "attributes": {
       "disabled": false,
       "name": "csrf_token",
+      "node_type": "input",
       "required": true,
-      "type": "hidden",
-      "value": "MTZ4M3k1ZHc2NGhkb2U5Zm5leDZmbDlvYTYxY3ExYXM="
+      "type": "hidden"
     },
     "group": "default",
     "messages": [],
@@ -16,8 +16,9 @@
     "attributes": {
       "disabled": false,
       "name": "traits.email",
-      "type": "email",
-      "value": "hackerman+github+1523952a-ef47-4e01-ad38-b976efb08b90@ory.sh"
+      "node_type": "input",
+      "required": true,
+      "type": "email"
     },
     "group": "profile",
     "messages": [],
@@ -28,6 +29,7 @@
     "attributes": {
       "disabled": false,
       "name": "traits.name",
+      "node_type": "input",
       "type": "text"
     },
     "group": "profile",
@@ -39,6 +41,7 @@
     "attributes": {
       "disabled": false,
       "name": "method",
+      "node_type": "input",
       "type": "submit",
       "value": "profile"
     },
@@ -57,6 +60,7 @@
     "attributes": {
       "disabled": false,
       "name": "password",
+      "node_type": "input",
       "required": true,
       "type": "password"
     },
@@ -75,6 +79,7 @@
     "attributes": {
       "disabled": false,
       "name": "method",
+      "node_type": "input",
       "type": "submit",
       "value": "password"
     },
@@ -93,6 +98,7 @@
     "attributes": {
       "disabled": false,
       "name": "unlink",
+      "node_type": "input",
       "type": "submit",
       "value": "github"
     },
@@ -114,6 +120,7 @@
     "attributes": {
       "disabled": false,
       "name": "link",
+      "node_type": "input",
       "type": "submit",
       "value": "google"
     },
@@ -135,6 +142,7 @@
     "attributes": {
       "disabled": false,
       "name": "unlink",
+      "node_type": "input",
       "type": "submit",
       "value": "ory"
     },

diff --git a/...rategy/oidc/fixtures/multiuserFields.json → ...n_linked_credentials-agent=multiuser.json b/...rategy/oidc/fixtures/multiuserFields.json → ...n_linked_credentials-agent=multiuser.json
@@ -3,9 +3,9 @@
     "attributes": {
       "disabled": false,
       "name": "csrf_token",
+      "node_type": "input",
       "required": true,
-      "type": "hidden",
-      "value": ""
+      "type": "hidden"
     },
     "group": "default",
     "messages": [],
@@ -16,8 +16,9 @@
     "attributes": {
       "disabled": false,
       "name": "traits.email",
-      "type": "email",
-      "value": "hackerman+multiuser+@ory.sh"
+      "node_type": "input",
+      "required": true,
+      "type": "email"
     },
     "group": "profile",
     "messages": [],
@@ -28,6 +29,7 @@
     "attributes": {
       "disabled": false,
       "name": "traits.name",
+      "node_type": "input",
       "type": "text"
     },
     "group": "profile",
@@ -39,6 +41,7 @@
     "attributes": {
       "disabled": false,
       "name": "method",
+      "node_type": "input",
       "type": "submit",
       "value": "profile"
     },
@@ -57,6 +60,7 @@
     "attributes": {
       "disabled": false,
       "name": "password",
+      "node_type": "input",
       "required": true,
       "type": "password"
     },
@@ -75,6 +79,7 @@
     "attributes": {
       "disabled": false,
       "name": "method",
+      "node_type": "input",
       "type": "submit",
       "value": "password"
     },
@@ -93,6 +98,7 @@
     "attributes": {
       "disabled": false,
       "name": "link",
+      "node_type": "input",
       "type": "submit",
       "value": "github"
     },
@@ -114,6 +120,7 @@
     "attributes": {
       "disabled": false,
       "name": "unlink",
+      "node_type": "input",
       "type": "submit",
       "value": "google"
     },
@@ -135,6 +142,7 @@
     "attributes": {
       "disabled": false,
       "name": "unlink",
+      "node_type": "input",
       "type": "submit",
       "value": "ory"
     },